US20030126453A1 - Processor supporting execution of an authenticated code instruction - Google Patents

Processor supporting execution of an authenticated code instruction Download PDF

Info

Publication number
US20030126453A1
US20030126453A1 US10/039,961 US3996101A US2003126453A1 US 20030126453 A1 US20030126453 A1 US 20030126453A1 US 3996101 A US3996101 A US 3996101A US 2003126453 A1 US2003126453 A1 US 2003126453A1
Authority
US
United States
Prior art keywords
processor
code module
execution
instruction
execution units
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/039,961
Inventor
Andrew Glew
James Sutton
Lawrence Smith
David Grawrock
Gilbert Neiger
Michael Kozuch
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp filed Critical Intel Corp
Priority to US10/039,961 priority Critical patent/US20030126453A1/en
Assigned to INTEL CORPORATION reassignment INTEL CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SUTTON, JAMES A., SMITH, LAWRENCE O., GLEW, ANDREW F., GRAWROCK, DAVID W., NEIGER, GILBERT, KOZUCH, MICHAEL A.
Publication of US20030126453A1 publication Critical patent/US20030126453A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/12Replacement control
    • G06F12/121Replacement control using replacement algorithms
    • G06F12/126Replacement control using replacement algorithms with special data handling, e.g. priority of data or instructions, handling errors or pinning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/25Using a specific main memory architecture
    • G06F2212/251Local memory within processor subsystem
    • G06F2212/2515Local memory within processor subsystem being configurable for different purposes, e.g. as cache or non-cache memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105Dual mode as a secondary aspect
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153Using hardware token as a secondary aspect

Definitions

  • Computing devices execute firmware and/or software code to perform various operations.
  • the code may be in the form of user applications, BIOS routines, operating system routines, etc.
  • Some operating systems provide limited protections for maintaining the integrity of the computing device against rogue code. For example, an administrator may limit users or groups of users to executing certain pre-approved code. Further, an administrator may configure a sandbox or an isolated environment in which untrusted code may be executed until the administrator deems the code trustworthy. While the above techniques provide some protection, they generally require an administrator to manually make a trust determination based upon the provider of the code, historic performance of the code, and/or review of the source code itself.
  • an entity e.g. software manufacturer
  • a certificate such as a X.509 certificate that digitally signs the code and attests to the integrity of the code.
  • An administrator may configure an operating system to automatically allow users to execute code that provides a certificate from a trusted entity without the administrator specifically analyzing the code in question. While the above technique may be sufficient for some environments, the above technique inherently trusts the operating system or other software executing under the control of the operating system to correctly process the certificate.
  • the code to be executed may result in the computing device determining whether the operating system is to be trusted. Relying on the operating system to authenticate such code would thwart the purpose of the code. Further, the code to be executed may comprise system initialization code that is executed prior to the operating system of the computing device. Such code therefore cannot be authenticated by the operating system.
  • FIGS. 1 A- 1 E illustrate example embodiments of a computing device having private memory.
  • FIG. 2 illustrates an example authenticated code (AC) module that may launched by the computing device shown in FIGS. 1 A- 1 E.
  • AC authenticated code
  • FIG. 3 illustrates an example embodiment of the processor of the computing device shown in FIGS. 1 A- 1 E.
  • FIG. 4 illustrates an example method of launching the AC module shown in FIG. 2.
  • FIG. 5 illustrates an example method of terminating execution of the AC module shown in FIG. 2.
  • FIG. 6 illustrates another embodiment of the computing device shown in FIGS. 1 A- 1 E.
  • FIGS. 7 A- 7 B illustrate example methods of launching and terminating execution of the AC module shown in FIG. 2.
  • FIG. 8 illustrates a system for simulating, emulating, and/or testing the processors of the computing devices shown in FIGS. 1 A- 1 E.
  • AC authenticated code
  • numerous specific details such as logic implementations, opcodes, means to specify operands, resource partitioning/sharing/duplication implementations, types and interrelationships of system components, and logic partitioning/integration choices are set forth in order to provide a more thorough understanding of the present invention. It will be appreciated, however, by one skilled in the art that the invention may be practiced without such specific details. In other instances, control structures, gate level circuits and full software instruction sequences have not been shown in detail in order not to obscure the invention. Those of ordinary skill in the art, with the included descriptions, will be able to implement appropriate functionality without undue experimentation.
  • references in the specification to “one embodiment”, “an embodiment”, “an example embodiment”, etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
  • Coupled may mean that two or more elements are in direct physical or electrical contact. However, “coupled” may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other.
  • Example embodiments of a computing device 100 are shown in FIGS. 1 A- 1 E.
  • the computing device 100 may comprise one or more processors 110 coupled to a chipset 120 via a processor bus 130 .
  • the chipset 120 may comprise one or more integrated circuit packages or chips that couple the processors 110 to system memory 140 , a physical token 150 , private memory 160 , a media interface 170 , and/or other I/O devices of the computing device 100 .
  • Each processor 110 may be implemented as a single integrated circuit, multiple integrated circuits, or hardware with software routines (e.g., binary translation routines). Further, the processors 110 may comprise cache memories 112 and control registers 114 via which the cache memories 112 may be configured to operate in a normal cache mode or in a cache-as-RAM mode. In the normal cache mode, the cache memories 112 satisfy memory requests in response to cache: hits, replace cache lines in response to cache misses, and may invalidate or replace cache lines in response to snoop requests of the processor bus 130 .
  • the cache memories 112 operate as random access memory in which requests within the memory range of the cache memories 112 are satisfied by the cache memories and lines of the cache are not replaced or invalidated in response to snoop requests of the processor bus 130 .
  • the processors 110 may further comprise a key 116 such as, for example, a key of a symmetric cryptographic algorithm (e.g. the well known DES, 3DES, and AES algorithms) or of an asymmetric cryptographic algorithm (e.g. the well-known RSA algorithm).
  • the processor 110 may use the key 116 to authentic an AC module 190 prior to executing the AC module 190 .
  • the processors 110 may support one or more operating modes such as, for example, a real mode, a protected mode, a virtual real mode, and a virtual machine mode (VMX mode). Further, the processors 110 may support one or more privilege levels or rings in each of the supported operating modes. In general, the operating modes and privilege levels of a processor 110 define the instructions available for execution and the effect of executing such instructions. More specifically, a processor 110 may be permitted to execute certain privileged instructions only if the processor 110 is in an appropriate mode and/or privilege level.
  • the processors 110 may also support locking of the processor bus 130 . As a result of locking the processor bus 130 , a processor 110 obtains exclusive ownership of the processor bus 130 . The other processors 110 and the chipset 120 may not obtain ownership of the processor bus 130 until the processor bus 130 is released. In an example embodiment, a processor 110 may issue a special transaction on the processor bus 130 that provides the other processors 110 and the chipset 120 with a LT.PROCESSOR.HOLD message. The LT.PROCESSOR.HOLD bus message prevents the other processors 110 and the chipset 120 from acquiring ownership of the processor bus 130 until the processor 110 releases the processor bus 130 via a LT.PROCESSOR.RELEASE bus message.
  • the processors 110 may however support alternative and/or additional methods of locking the processor bus 130 .
  • a processor 110 may inform the other processors 110 and/or the chipset 120 of the lock condition by issuing an Inter-Processor Interrupt, asserting a processor bus lock signal, asserting a processor bus request signal, and/or causing the other processors 110 to halt execution.
  • the processor 110 may release the processor bus 130 by issuing an Inter-Processor Interrupt, deasserting a processor bus lock signal, deasserting a processor bus request signal, and/or causing the other processors 110 to resume execution.
  • the processors 110 may further support launching AC modules 190 and terminating execution of AC modules 190 .
  • the processors 110 support execution of an ENTERAC instruction that loads, authenticates, and initiates execution of an AC module 190 from private memory 160 .
  • the processors 110 may support additional or different instructions that cause the processors 110 to load, authenticate, and/or initiate execution of an AC module 190 .
  • These other instructions may be variants for launching AC modules 190 or may be concerned with other operations that launch AC modules 190 to help accomplish a larger task.
  • the ENTERAC instruction and these other instructions are referred to hereafter as launch AC instructions despite the fact that some of these instructions may load, authenticate, and launch an AC module 190 as a side effect of another operation such as, for example, establishing a trusted computing environment.
  • the processors 110 further support execution of an EXITAC instruction that terminates execution of an AC module 190 and initiates post-AC code (See, FIG. 6).
  • the processors 110 may support additional or different instructions that result in the processors 110 terminating an AC module 190 and launching post-AC code.
  • These other instructions may be variants of the EXITAC instruction for terminating AC modules 190 or may be instructions concerned primarily with other operations that result in AC modules 190 being terminated as part of a larger operation.
  • the EXITAC instruction and these other instructions are referred to hereafter as terminate AC instructions despite the fact that some of these instructions may terminate AC modules 190 and launch post-AC code as a side effect of another operation such as, for example, tearing down a trusted computing environment.
  • the chipset 120 may comprise a memory controller 122 for controlling access to the memory 140 . Further, the chipset 120 may comprise a key 124 that the processor 110 may use to authentic an AC module 190 prior to execution. Similar to the key 116 of the processor 110 , the key 124 may comprise a key of a symmetric or asymmetric cryptographic algorithm.
  • the chipset 120 may also comprise trusted platform registers 126 to control and provide status information about trusted platform features of the chipset 120 .
  • the chipset 120 maps the trusted platform registers 126 to a private space 142 and/or a public space 144 of the memory 140 to enable the processors 110 to access the trusted platform registers 126 in a consistent manner.
  • the chipset 120 may map a subset of the registers 126 as read only locations in the public space 144 and may map the registers 126 as read/write locations in the private space 142 .
  • the chipset 120 may configure the private space 142 in a manner that enables only processors 110 in the most privileged mode to access its mapped registers 126 with privileged read and write transactions.
  • the chipset 120 may further configure the public space 144 in a manner that enables processors 110 in all privilege modes to access its mapped registers 126 with normal read and write transactions.
  • the chipset 120 may also open the private space 142 in response to an OpenPrivate command being written to a command register 126 .
  • the processors 110 may access the private space 142 in the same manner as the public space 144 with normal unprivileged read and write transactions.
  • the physical token 150 of the computing device 100 comprises protected storage for recording integrity metrics and storing secrets such as, for example, encryption keys.
  • the physical token 150 may perform various integrity functions in response to requests from the processors 110 and the chipset 120 .
  • the physical token 150 may store integrity metrics in a trusted manner, may quote integrity metrics in a trusted manner, may seal secrets such as encryption keys to a particular environment, and may only unseal secrets to the environment to which they were sealed.
  • the term “platform key” is used to refer to a key that is sealed to a particular hardware and/or software environment.
  • the physical token 150 may be implemented in a number of different manners. However, in an example embodiment, the physical token 150 is implemented to comply with the specification of the Trusted Platform Module (TPM) described in detail in the Trusted Computing Platform Alliance (TCPA) Main Specification, Version 1.1, Jul. 31, 2001.
  • TPM Trusted Platform Module
  • the private memory 160 may store an AC module 190 in a manner that allows the processor or processors 110 that are to execute the AC module 190 to access the AC module 190 and that prevents other processors 110 and components of the computing device 100 from altering the AC module 190 or interfering with the execution of the AC module 190 .
  • the private memory 160 may be implemented with the cache memory 112 of the processor 110 that is executing the launch AC instruction.
  • the private memory 160 may be implemented as a memory area internal to the processor 110 that is separate from its cache memory 112 as shown in FIG. 1B.
  • the private memory 160 may also be implemented as a separate external memory coupled to the processors 110 via a separate dedicated bus as shown in FIG. 1C, thus enabling only the processors 110 having associated external memories to validly execute launch AC instructions.
  • the private memory 160 may also be implemented via the system memory 140 .
  • the chipset 120 and/or processors 110 may define certain regions of the memory 140 as private memory 160 (see FIG. 1D) that may be restricted to a specific processor 110 and that may only be accessed by the specific processor 110 when in a particular operating mode.
  • the processor 110 relies on the memory controller 122 of the chipset 120 to access the private memory 160 and the AC module 190 . Accordingly, an AC module 190 may not be able to reconfigure the memory controller 122 without denying the processor 110 access to the AC module 190 and thus causing the processor 110 to abort execution of the AC module 190 .
  • the private memory 160 may also be implemented as a separate memory coupled to a separate private memory controller 128 of the chipset 120 as shown in FIG. 1E.
  • the private memory controller 128 may provide a separate interface to the private memory 160 .
  • the processor 110 may be able to reconfigure the memory controller 122 for the system memory 140 in a manner that ensures that the processor 110 will be able to access the private memory 160 and the AC module 190 .
  • the separate private memory controller 128 overcomes some disadvantages of the embodiment shown in FIG. 1D at the expense of an additional memory and memory controller.
  • the AC module 190 may be provided in any of a variety of machine readable mediums 180 .
  • the media interface 170 provides an interface to a machine readable medium 180 and AC module 190 .
  • the machine readable medium 180 may comprise any medium that can store, at least temporarily, information for reading by the machine interface 170 . This may include signal transmissions (via wire, optics, or air as the medium) and/or physical storage media such as various types of disk and memory storage devices.
  • the AC module 190 may comprise code 210 and data 220 .
  • the code 210 comprises one or more code pages 212 and the data 220 comprises one or more data pages 222 .
  • Each code page 212 and data page 222 in an example embodiment corresponds to a 4 kilobyte contiguous memory region; however, the code 210 and data 220 may be implemented with different page sizes or in a non-paging manner.
  • the code pages 212 comprise processor instructions to be executed by one or more processors 110 and the data pages 222 comprise data to be accessed by one or more processors 110 and/or scratch pad for storing data generated by one or more processors 110 in response to executing instructions of the code pages 212 .
  • the AC module 190 may further comprise one or more headers 230 that may be part of the code 210 or the data 220 .
  • the headers 230 may provide information about the AC module 190 such as, for example, module author, copyright notice, module version, module execution point location, module length, authentication method, etc.
  • the AC module 190 may further comprise a signature 240 which may be a part of the code 210 , data 220 , and/or headers 230 .
  • the signature 240 may provide information about the AC module 190 , authentication entity, authentication message, authentication method, and/or digest value.
  • the AC module 190 may also comprise an end of module marker 250 .
  • the end of module marker 250 specifies the end of the AC module 190 and may be used as an alternative to specifying the length of the AC module 190 .
  • the code pages 212 and data pages 222 may be specified in a contiguous manner and the end of module marker 250 may comprise a predefined bit pattern that signals the end of the code pages 212 and data pages 222 .
  • the AC module 190 may specify its length and/or end in a number of different manners.
  • the header 230 may specify the number of bytes or the number of pages the AC module 190 contains.
  • launch AC and terminate AC instructions may expect the AC module 190 be a predefined number of bytes in length or contain a predefined number of pages.
  • launch AC and terminate AC instructions may comprise operands that specify the length of the AC module 190 .
  • the AC module 190 may reside in a contiguous region of the memory 140 that is contiguous in the physical memory space or that is contiguous in virtual memory space. Whether physically or virtually contiguous, the locations of the memory 140 that store the AC module 190 may be specified by a starting location and a length and/or end of module marker 250 may specify. Alternatively, the AC module 190 may be stored in memory 140 in neither a physically or a virtually contiguous manner. For example, the AC module 190 may be stored in a data structure such as, for example, a linked list that permits the computing device 100 to store and retrieve the AC module 190 from the memory 140 in a non-contiguous manner.
  • the example processors 110 support launch AC instructions that load the AC module 190 into private memory 160 and initiate execution of the AC module 190 from an execution point 260 .
  • An AC module 190 to be launched by such a launch AC instruction may comprise code 210 which when loaded into the private memory 160 places the execution point 260 at a location specified one or more operands of a launch AC instruction.
  • a launch AC instruction may result in the processor 110 obtaining the location of the execution point 260 from the AC module 190 itself.
  • the code 210 , data 220 , a header 230 , and/or signature 240 may comprise one or more fields that specify the location of the execution point 260 .
  • the example processors 110 support launch AC instructions that authenticated the AC module 190 prior to execution.
  • the AC module 190 may comprise information to support authenticity determinations by the processors 110 .
  • the signature 240 may comprise a digest value 242 .
  • the digest value 242 may be generated by passing the AC module 190 through a hashing algorithm (e.g. SHA-1 or MD5) or some other algorithm.
  • the signature 240 may also be encrypted to prevent alteration of the digest value 242 via an encryption algorithm (e.g. DES, 3DES, AES, and/or RSA algorithms).
  • the signature 240 is RSA-encrypted with the private key that corresponds to a public key of the processor key 116 , the chipset key 120 , and/or platform key 152 .
  • the AC module 190 may be authenticated via other mechanisms.
  • the AC module 190 may utilize different hashing algorithms or different encryption algorithms.
  • the AC module 190 may comprise information in the code 210 , data 220 , headers 230 , and/or signature 240 that indicate which algorithms were used.
  • the AC module 190 may also be protected by encrypting the whole AC module 190 for decryption via a symmetric or asymmetric key of the processor key 116 , chipset key 124 , or platform key 152 .
  • the processor 110 may comprise a front end 302 , a register file 306 , one or more execution units 370 , and a retirement unit or back end 380 .
  • the front end 302 comprises a processor bus interface 304 , a fetching unit 330 having instruction and instruction pointer registers 314 , 316 , a decoder 340 , an instruction queue 350 , and one or more cache memories 360 .
  • the register file 306 comprises general purpose registers 312 , status/control registers 318 , and other registers 320 .
  • the fetching unit 330 fetches the instructions specified by the instruction pointer registers 316 from the memory 140 via the processor bus interface 304 or the cache memories 360 and stores the fetched instructions in the instruction registers 314 .
  • An instruction register 314 may contain more than one instruction. According, the decoder 340 identifies the instructions in the instruction registers 314 and places the identified instructions in the instruction queue 350 in a form suitable for execution. For example, the decoder 340 may generate and store one or more micro-operations (uops) for each identified instruction in the instruction queue 350 . Alternatively, the decoder 340 may generate and store a single macro-operation (Mop) for each identified instruction in the instruction queue 350 . Unless indicated otherwise the term ops is used hereafter to refer to both uops and Mops.
  • the processor 110 further comprises one or more execution units 370 that perform the operations dictated by the ops of the instruction queue 350 .
  • the execution units 370 may comprise hashing units, decryption units, and/or microcode units that implement authentication operations that may be used to authenticate the AC module 190 .
  • the execution units 370 may perform in-order execution of the ops stored in the instruction queue 350 .
  • the processor 110 supports out-of-order execution of ops by the execution units 370 .
  • the processor 110 may further comprise a retirement unit 380 that removes ops from the instruction queue 350 in-order and commits the results of executing the ops to one or more registers 312 , 314 , 316 , 318 , 320 to insure proper in-order results.
  • a retirement unit 380 that removes ops from the instruction queue 350 in-order and commits the results of executing the ops to one or more registers 312 , 314 , 316 , 318 , 320 to insure proper in-order results.
  • the decoder 340 may generate one or more ops for an identified launch AC instruction and the execution units 370 may load, authenticate, and/or initiate execution of an AC module 190 in response to executing the associated ops. Further, the decoder 340 may generate one or more ops for an identified terminate AC instruction and the execution units 370 may terminate execution of an AC module 190 , adjust security aspects of the computing device 100 , and/or initiate execution of post-AC code in response to executing the associated ops.
  • the decoder 340 may generate one or more ops that depend on the launch AC instruction and the zero or more operands associated with the launch AC instruction.
  • Each launch AC instruction and its associated operands specify parameters for launching the AC module 190 .
  • the launch AC instruction and/or operands may specify parameters about the AC module 190 such as AC module location, AC module length, and/or AC module execution point.
  • the launch AC instruction and/or operands may also specify parameters about the private memory 160 such as, for example, private memory location, private memory length, and/or private memory implementation.
  • the launch AC instruction and/or operands may further specify parameters for authenticating the AC module 190 such as specifying which authentication algorithms, hashing algorithms, decryption,algorithms, and/or other algorithms are to be used.
  • the launch AC instruction and/.or operands may further specify parameters for the algorithms such as, for example, key length, key location, and/or keys.
  • the launch AC instruction and/or operands may further specify parameters to configure the computer system 100 for AC module launch such as, for example, specifying events to be masked/unmasked and/or security capabilities to be updated.
  • the launch AC instructions and/or operands may provide fewer, additional, and/or different parameters than those described above.
  • the launch AC instructions may comprise zero or more explicit operands and/or implicit operands.
  • the launch AC instruction may have operand values implicitly specified by processor registers and/or memory locations despite the launch AC instruction itself not comprising fields that define the location of these operands.
  • the launch AC instruction may explicitly specify the operands via various techniques such as, for example, immediate data, register identification, absolute addresses, and/or relative addresses.
  • the decoder 340 may also generate one or more ops that depend on the terminate AC instructions and the zero or more operands associated with the terminate AC instructions.
  • Each terminate AC instruction and its associated operands specify parameters for terminating execution of the AC module 190 .
  • the terminate AC instruction and/or operands may specify parameters about the AC module 190 such as AC module location and/or AC module length.
  • the terminate AC instruction and/or operands may also specify parameters about the private memory 160 such as, for example, private memory location, private memory length, and/or private implementation.
  • the terminate AC instruction and/or operands may specify parameters about launching post-AC code such as, for example., launching method and/or post-AC code execution point.
  • the terminate AC instruction and/or operands may further specify parameters to configure the computer system 100 for post-AC code execution such as, for example, specifying events to be masked/unmasked and/or security capabilities to be updated.
  • the terminate AC instructions and/or operands may provide fewer, additional, and/or different parameters than those described above. Furthermore, the terminate AC instructions may comprise zero or more explicit operands and/or implicit operands in a manner as described above in regard to the launch AC instructions.
  • FIG. 4 there is depicted a method 400 of launching an AC module 190 .
  • the method 400 illustrates the operations of a processor 110 in response to executing an example ENTERAC instruction having an authenticate operand, a module operand, and a length operand.
  • an example ENTERAC instruction having an authenticate operand, a module operand, and a length operand.
  • launch AC instructions having fewer, additional, and/or different operands without undue experimentation.
  • the processor 110 determines whether the environment is appropriate to start execution of an AC module 190 . For example, the processor 110 may verify that its current privilege level, operating mode, and/or addressing mode are appropriate. Further, if the processor supports multiple hardware threads, the processor may verify that all other threads have halted. The processor 110 may further verify that the chipset 120 meets certain requirements. In an example embodiment of the ENTERAC instruction, the processor 110 determines that the environment is appropriate in response to determining that the processor 110 is in a protected flat mode of operation, that the processor's current privilege level is 0, that the processor 110 has halted all other threads of execution, and that the chipset 120 provides trusted platform capabilities as indicated by one or more registers 126 . Other embodiments of launch AC instructions may define appropriate environments differently. Other launch AC instructions and/or associated operands may specify environment requirements that result in the processor 110 verifying fewer, additional, and/or different parameters of its environment.
  • the processor 110 may terminate the ENTERAC instruction with an appropriate error code (block 408 ). Alternatively, the processor 110 may further trap to some more trusted software layer to permit emulation of the ENTERAC instruction.
  • the processor 110 in block 414 may update event processing to support launching the AC module 190 .
  • the processor 110 masks processing of the INTR, NMI, SMI, INIT, and A20M events.
  • Other launch AC instructions and/or associated operands may specify masking fewer, additional, and/or different events.
  • other launch AC instructions and/or associated operands may explicitly specify the events to be masked and the events to be unmasked.
  • other embodiments may avoid masking events by causing the computing device 100 to execute trusted code such as, for example, event handlers of the AC module 190 in response to such events.
  • the processor 110 in block 416 may lock the processor bus 130 to prevent the other processors 110 and the chipset 120 from acquiring ownership of the processor bus 130 during the launch and execution of the AC module 190 .
  • the processor 110 obtains exclusive ownership of the processor bus 130 by generating a special transaction that provides the other processors 110 and the chipset 120 with a LT.PROCESSOR.HOLD bus message.
  • Other embodiments of launch AC instructions and/or associated operands may specify that the processor bus 130 is to remain unlocked or may specify a different manner to lock the processor bus 130 .
  • the processor 110 in block 420 may configure its private memory 160 for receiving the AC module 190 .
  • the processor 110 may clear the contents of the private memory 160 and may configure control structures associated with the private memory 160 to enable the processor 110 to access the private memory 160 .
  • the processor 110 updates one or more control registers to switch the cache memory 112 to the cache-as-RAM mode and invalidates the contents of its cache memory 112 .
  • Other launch AC instructions and/or associated operands may specify private memory parameters for different implementations of the private memory 160 .
  • the processor 110 in executing these other launch AC instructions may perform different operations in order to prepare the private memory 160 for the AC module 190 .
  • the processor 110 may 1 A enable/configure a memory controller (e.g. PM controller 128 of FIG. 1E) associated with the private memory 160 .
  • the processor 110 may also provide the private memory 160 with a clear, reset, and/or invalidate signal to clear the private memory 160 .
  • the processor 110 may write zeros or some other bit pattern to the private memory 160 , remove power from the private memory 160 , and/or utilize some other mechanism to clear the private memory 160 as specified by the launch AC instruction and/or operands.
  • the processor 110 loads the AC module 190 into its private memory 160 .
  • the processor 110 starts reading from a location of the memory 140 specified by the address operand until a number of bytes specified by the length operand are transferred to its cache memory 112 .
  • Other embodiments of launch AC instructions and/or associated operands may specify parameters for loading the AC module 190 into the private memory 160 in a different manner.
  • the other launch AC instructions and/or associated operands may specify the location of the AC module 190 , the location of the private memory 160 , where the AC module 190 is to be loaded in the private memory 160 , and/or the end of the AC module 190 in numerous different manners.
  • the processor 110 may further lock the private memory 160 .
  • the processor 110 updates one or more control registers to lock its cache memory 112 to prevent external events such as snoop requests from processors or I/O devices from altering the stored lines of the AC module 190 .
  • other launch AC instructions and/or associated operands may specify other operations for the processor 110 .
  • the processor 110 may configure a memory controller (e.g. PM controller 128 of FIG. 1E) associated with the private memory 160 to prevent the other processors 110 and/or chipset 120 from accessing the private memory 160 .
  • the private memory 160 may already be sufficiently locked, thus the processor 110 may take no action in block 428 .
  • the processor in block 432 determines whether the AC module 190 stored in its private memory 160 is authentic based upon a protection mechanism specified by the protection operand of the ENTERAC instruction.
  • the processor 110 retrieves a processor key 116 , chipset key 124 , and/or platform key 152 specified by the protection operand.
  • the processor 110 then RSA-decrypts the signature 240 of the AC module 190 using the retrieved key to obtain the digest value 242 .
  • the processor 110 further hashes the AC module 190 using a SHA-1 hash to obtain a computed digest value.
  • the processor 110 determines that the AC module 190 is authentic in response to the computed digest value and the digest value 242 having an expected relationship (e.g. equal to one another). Otherwise, the processor 110 determines that the AC module 190 is not authenticate.
  • Other launch AC instructions and/or associated operands may specify different authentication parameters.
  • the other launch AC instructions and/or associated operands may specify a different authentication method, different decryption algorithms, and/or different hashing algorithms.
  • the other launch AC instructions and/or associated operands may further specify different key lengths, different key locations, and/or keys for authenticating the AC module 190 .
  • the processor 10 in block 436 In response to determining that the AC module 190 is not authentic; the processor 10 in block 436 generates an error code and terminates execution of the launch AC instruction. Otherwise, the processor 110 in block 440 may update security aspects of the computing device 100 to support execution of the AC module 190 .
  • the processor 110 in block 440 writes a OpenPrivate command to a command register 126 of the chipset 120 to enable the processor 110 to access registers 126 via the private space 142 with normal unprivileged read and write transactions.
  • launch AC instructions and/or associated operands may specify other operations to configure the computing device 100 for AC module execution.
  • a launch AC instruction and/or associated operands may specify that the processor 110 leave the private space 142 in its current state.
  • a launch AC instruction and/or associated operands may also specify that the processor 110 enable and/or disable access to certain computing resources such as protected memory regions, protected storage devices, protected partitions of storage devices, protected files of storage devices, etc.
  • the processor 110 in block 444 may initiate execution of the AC module 190 .
  • the processor 110 loads its instruction pointer register 316 with the physical address provided by the module operand resulting in the processor 110 jumping to and executing the AC module 190 from the execution point 260 specified by the physical address.
  • Other launch AC instructions and/or associated operands may specify the location of the execution point 260 in a number of alternative manners. For example, a launch AC instruction and/or associated operands may result in the processor 110 obtaining the location of the execution point 260 from the AC module 190 itself.
  • FIG. 5 there is depicted a method 500 of terminating an AC module 190 .
  • the method 500 illustrates the operations of a processor 110 in response to executing an example EXITAC instruction having a protection operand, an events operand, and a launch operand.
  • an example EXITAC instruction having a protection operand, an events operand, and a launch operand.
  • one skilled in the art should be able to implement other terminate AC instructions having fewer, additional, and/or different operands without undue experimentation.
  • the processor 110 may clear and/or reconfigure the private memory 160 to prevent further access to the AC module 190 stored in the private memory 160 .
  • the processor 110 invalidates its cache memory 112 and updates control registers to switch the cache memory 112 to the normal cache mode of operation.
  • a terminate AC instruction and/or associated operand may specify private memory parameters for different implementations of the private memory 160 .
  • a terminate AC instruction and/or associated operand may result in the processor 110 performing different operations in order to prepare the computing device 100 for post-AC code execution.
  • the processor 110 may disable a memory controller (e.g. PM controller 128 of FIG. 1E) associated with the private memory 160 to prevent further access to the AC module 190 .
  • the processor 110 may also provide the private memory 160 with a clear, reset, and/or invalidate signal to clear the private memory 160 .
  • the processor 110 may write zeros or some other bit pattern to the private memory 160 ; remove power from the private memory 160 , and/or utilize some other mechanism to clear the private memory 160 as specified by a terminate AC instruction and/or associated operands.
  • the processor 110 in block 506 may update security aspects of the computing device 100 based upon the protection operand to support post-AC code execution.
  • the protection operand specifies whether the processor 110 is to close the private space 142 or leave the private space 142 in its current state. In response to determining to leave the private space 142 in its current state, the processor 110 proceeds to block 510 . Otherwise, the processor 110 closes the private space 142 by writing a ClosePrivate command to a command register 126 to prevent the processors 110 from further accessing the registers 126 via normal unprivileged read and write transactions to the private space 142 .
  • a terminate AC instruction and/or associated operands of another embodiment may result in the processor 110 updating other security aspects of the computing device 100 to support execution of code after the AC module 190 .
  • a terminate AC instruction and/or associated operands may specify that the processor 110 enable and/or disable access to certain computing resources such as protected memory regions, protected storage devices, protected partitions of storage devices, protected files of storage devices, etc.
  • the processor 110 in block 510 may unlock the processor bus 130 to enable other processors 110 and the chipset 120 to acquire ownership of the processor bus 130 .
  • the processor 110 releases exclusive ownership of the, processor bus 130 by generating a special transaction that provides the other processors 110 and the chipset 120 with a LT.PROCESSOR.RELEASE bus message.
  • Other embodiments of terminate AC instructions and/or associated operands may specify that the processor bus 130 is to remain locked or may specify a different manner to unlock the processor bus 130 .
  • the processor 110 in block 514 may update events processing based upon the mask operand.
  • the mask operand specifies whether the processor 110 is to enable events processing or leave events processing in its current state. In response to determining to leave events processing in its current state, the processor 110 proceeds to block 516 . Otherwise, the processor 110 unmasks the INTR, NMI, SMI, INIT, and A20M events to enable processing of such events.
  • Other terminate AC instructions and/or associated operands may specify unmasking fewer, additional, and/or different events. Further, other terminate AC instructions and/or associated operands may explicitly specify the events to be masked and the events to be unmasked.
  • the processor 110 in block 516 terminates execution of the AC module 190 and launches post-AC code specified by the launch operand.
  • the processor 110 updates its code segment register and instruction pointer register with a code segment and segment offset specified by the launch operand. As a result, the processor 110 jumps to and begins executing from an execution point of the post-AC code specified by the code segment and segment offset.
  • terminate AC modules and/or associated operands may specify the execution point of the post-AC code in a number of different manners.
  • a launch AC instruction may result in the processor 110 saving the current instruction pointer to identify the execution point of post-AC code.
  • the terminate AC instruction may retrieve the execution point saved by the launch AC instruction and initiate execution of the post-AC code from the retrieved execution point. In this manner, the terminate AC instruction returns execution to the instruction following the launch AC instruction.
  • the AC module 190 appears to have been called, like a function call or system call, by the invoking code.
  • the computing device 100 comprises processors 110 , a memory interface 620 that provides the processors 110 access to a memory space 640 , and a media interface 170 that provides the processors 110 access to media 180 .
  • the memory space 640 comprises an address space that may span multiple machine readable media from which the processor 110 may execute code such as, for example, firmware, system memory 140 , private memory 160 , hard disk storage, network storage, etc (See, FIGS. 1 A- 1 E).
  • the memory space 640 comprises pre-AC code 642 , an AC module 190 , and post-AC code 646 .
  • the pre-AC code 642 may comprise operating system code, system library code, shared library code, application code, firmware routines, BIOS routines, and/or other routines that may launch execution of an AC module 190 .
  • the post-AC code 646 may similarly comprise operating system code, system library code, shared library code, application code, firmware routines, BIOS routines, and/or other routines that may be executed after the AC module 190 . It should be appreciated that the pre-AC code 642 and the post-AC code 646 may be the same software and/or firmware module or different software and/or firmware modules.
  • FIG. 7A An example embodiment of launching and terminating an AC module is illustrated in FIG. 7A.
  • the computing device 100 stores the AC module 190 into the memory space 640 in response to executing the pre-AC code 642 .
  • the computing device 100 retrieves the AC module 190 from a machine readable medium 180 via the media interface 170 and stores the AC module 190 in the memory space 640 .
  • the computing device 100 may retrieve the AC module 190 from firmware, a hard drive, system memory, network storage, a file server, a web server, etc and may store the retrieved AC module 190 into a system memory 140 of the computing device 100 .
  • the computing device 100 in block 708 loads, authenticates, and initiates execution of the AC module 190 in response to executing the pre-AC code 642 .
  • the pre-AC code 642 may comprise an ENTERAC instruction or another launch AC instruction that results in the computing device 100 transferring the AC module 190 to private memory 160 of the memory space 640 , authenticating the AC module 190 , and invoking execution of the AC module 190 from its execution point.
  • the pre-AC code 642 may comprise a series of instructions that result in the computing device 100 transferring the AC module 190 to private memory 160 of the memory space 640 , authenticating the AC module 190 , and invoking execution of the AC module 190 from its execution point.
  • the computing device 100 executes the code 210 of the AC module 190 (See, FIG. 2).
  • the computing device 100 in block 716 terminates execution of the AC module 190 and initiates execution of the post-AC code 646 of the memory space 640 .
  • the AC module 190 may comprise an EXITAC instruction or another terminate AC instruction that results in the computing device 100 terminating execution of the AC module 190 , updating security aspects of the computing device 100 , and initiating execution of the post-AC code 646 from an execution point of the post-AC code 646 .
  • the AC module 190 may comprise a series of instructions that result in the computing device 100 terminating execution of the AC module 190 and initiating execution of the post-AC code 646 from an execution point of the post-AC code 646 .
  • FIG. 7B Another example embodiment of launching and terminating an AC module is illustrated in FIG. 7B.
  • the computing device 100 stores the AC module 190 into the memory space 640 in response to executing the pre-AC code 642 .
  • the computing device 100 retrieves the AC module 190 from a machine readable medium 180 via the media interface 170 and stores the AC module 190 in the memory space 640 .
  • the computing device 100 may retrieve the AC module 190 from firmware, a hard drive, system memory, network storage, a file server, a web server, etc and stores the retrieved AC module 190 into a system memory 140 of the computing device 100 .
  • the computing device 100 in block 744 loads, authenticates, and initiates execution of the AC module 190 response to executing the pre-AC code 642 .
  • the computing device in block 744 further saves an execution point for the post-AC code 646 that is based upon the instruction pointer.
  • the pre-AC code 642 may comprise an ENTERAC instruction or another launch AC instruction that results in the computing device 100 transferring the AC module 190 to private memory 160 of the memory space 640 , authenticating the AC module 190 , invoking execution of the AC module 190 from its execution point, and saving the instruction pointer so that the processor 110 may return to the instruction following the launch AC instruction after executing the AC module 190 .
  • the pre-AC code 642 may comprise a series of instructions that result in the computing device 100 transferring the AC module 190 to private memory 160 of the memory space 640 , authenticating the AC module 190 , invoking execution of the AC module 190 from its execution point, and saving the instruction pointer.
  • the computing device 100 executes the code 210 of the AC module 190 (See, FIG. 2).
  • the computing device 100 in block 752 terminates execution of the AC module 190 , loads the instruction pointer based execution point saved in block 744 , and initiates execution of the instruction following the launch AC instruction or the series of instructions executed in block 744 .
  • the AC module 190 may comprise an EXITAC instruction or another terminate AC instruction that results in the computing device 100 terminating execution of the AC module 190 , updating security aspects of the computing device 100 , and initiating execution of the post-AC code 646 from an execution point of the post-AC code 646 specified by the instruction pointer saved in block 744 .
  • the AC module 190 may comprise a series of instructions that result in the computing device 100 terminating execution of the AC module 190 , updating security aspects of the computing device 100 , and initiating execution of the post-AC code 646 from an execution point of the post-AC code 646 specified by the instruction pointer saved in block 744 .
  • FIG. 8 illustrates various design representations or formats for simulation, emulation, and fabrication of a design using the disclosed techniques.
  • Data representing a design may represent the design in a number of manners.
  • the hardware may be represented using a hardware description language or another functional description language which essentially provides a computerized model of how the designed hardware is expected to perform.
  • the hardware model 810 may be stored in a storage medium 800 such as a computer memory so that the model may be simulated using simulation software 820 that applies a particular test suite 830 to the hardware model 810 to determine if it indeed functions as intended.
  • the simulation software is not recorded, captured, or contained in the medium.
  • a circuit level model with logic and/or transistor gates may be produced at some stages of the design process.
  • This model may be similarly simulated, sometimes by dedicated hardware simulators that form the model using programmable logic. This type of simulation, taken a degree further, may be an emulation technique.
  • re-configurable hardware is another embodiment that may involve a machine readable medium storing a model employing the disclosed techniques.
  • the data representing the hardware model may be the data specifying the presence or absence of various features on different mask layers for masks used to produce the integrated circuit.
  • this data representing the integrated circuit embodies the techniques disclosed in that the circuitry or logic in the data can be simulated or fabricated to perform these techniques.
  • the data may be stored in any form of a computer readable medium.
  • An optical or electrical wave 860 modulated or otherwise generated to transmit such information, a memory 850 , or a magnetic or optical storage 840 such as a disc may be the medium.
  • the set of bits describing the design or the particular part of the design are an article that may be sold in and of itself or used by others for further design or fabrication.

Abstract

A processor loads, authenticates, and/or initiates execution of authenticated code modules in response to executing launch authenticated code instructions.

Description

    RELATED APPLICATIONS
  • This application is related to application Ser. No. __/___,___, entitled “Authenticated Code Module”; and application Ser. No., __/___,___, entitled “Authenticated Code Method And Apparatus” both filed on the same date as the present application.[0001]
  • BACKGROUND
  • Computing devices execute firmware and/or software code to perform various operations. The code may be in the form of user applications, BIOS routines, operating system routines, etc. Some operating systems provide limited protections for maintaining the integrity of the computing device against rogue code. For example, an administrator may limit users or groups of users to executing certain pre-approved code. Further, an administrator may configure a sandbox or an isolated environment in which untrusted code may be executed until the administrator deems the code trustworthy. While the above techniques provide some protection, they generally require an administrator to manually make a trust determination based upon the provider of the code, historic performance of the code, and/or review of the source code itself. [0002]
  • Other mechanisms have also been introduced to provide automated mechanisms for making a trust decision. For example, an entity (e.g. software manufacturer) may provide the code with a certificate such as a X.509 certificate that digitally signs the code and attests to the integrity of the code. An administrator may configure an operating system to automatically allow users to execute code that provides a certificate from a trusted entity without the administrator specifically analyzing the code in question. While the above technique may be sufficient for some environments, the above technique inherently trusts the operating system or other software executing under the control of the operating system to correctly process the certificate. [0003]
  • Certain operations, however, may not be able to trust the operating system to make such a determination. For example, the code to be executed may result in the computing device determining whether the operating system is to be trusted. Relying on the operating system to authenticate such code would thwart the purpose of the code. Further, the code to be executed may comprise system initialization code that is executed prior to the operating system of the computing device. Such code therefore cannot be authenticated by the operating system.[0004]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The invention described herein is illustrated by way of example and not by way of limitation in the accompanying figures. For simplicity and clarity of illustration, elements illustrated in the figures are not necessarily drawn to scale. For example, the dimensions of some elements may be exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals have been repeated among the figures to indicate corresponding or analogous elements. [0005]
  • FIGS. [0006] 1A-1E illustrate example embodiments of a computing device having private memory.
  • FIG. 2 illustrates an example authenticated code (AC) module that may launched by the computing device shown in FIGS. [0007] 1A-1E.
  • FIG. 3 illustrates an example embodiment of the processor of the computing device shown in FIGS. [0008] 1A-1E.
  • FIG. 4 illustrates an example method of launching the AC module shown in FIG. 2. [0009]
  • FIG. 5 illustrates an example method of terminating execution of the AC module shown in FIG. 2. [0010]
  • FIG. 6 illustrates another embodiment of the computing device shown in FIGS. [0011] 1A-1E.
  • FIGS. [0012] 7A-7B illustrate example methods of launching and terminating execution of the AC module shown in FIG. 2.
  • FIG. 8 illustrates a system for simulating, emulating, and/or testing the processors of the computing devices shown in FIGS. [0013] 1A-1E.
  • DETAILED DESCRIPTION
  • The following description describes techniques for launching and terminating execution of authenticated code (AC) modules that may be used for various operations such as establishing and/or maintaining a trusted computing environment. In the following description, numerous specific details such as logic implementations, opcodes, means to specify operands, resource partitioning/sharing/duplication implementations, types and interrelationships of system components, and logic partitioning/integration choices are set forth in order to provide a more thorough understanding of the present invention. It will be appreciated, however, by one skilled in the art that the invention may be practiced without such specific details. In other instances, control structures, gate level circuits and full software instruction sequences have not been shown in detail in order not to obscure the invention. Those of ordinary skill in the art, with the included descriptions, will be able to implement appropriate functionality without undue experimentation. [0014]
  • References in the specification to “one embodiment”, “an embodiment”, “an example embodiment”, etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described. [0015]
  • In the following description and claims, the terms “coupled” and “connected,” along with their derivatives, may be used. It should be understood that these terms are not intended as synonyms for each other. Rather, in particular embodiments, “connected” may be used to indicate that two or more elements are in direct physical or electrical contact with each other. “Coupled” may mean that two or more elements are in direct physical or electrical contact. However, “coupled” may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other. [0016]
  • Example embodiments of a [0017] computing device 100 are shown in FIGS. 1A-1E. The computing device 100 may comprise one or more processors 110 coupled to a chipset 120 via a processor bus 130. The chipset 120 may comprise one or more integrated circuit packages or chips that couple the processors 110 to system memory 140, a physical token 150, private memory 160, a media interface 170, and/or other I/O devices of the computing device 100.
  • Each [0018] processor 110 may be implemented as a single integrated circuit, multiple integrated circuits, or hardware with software routines (e.g., binary translation routines). Further, the processors 110 may comprise cache memories 112 and control registers 114 via which the cache memories 112 may be configured to operate in a normal cache mode or in a cache-as-RAM mode. In the normal cache mode, the cache memories 112 satisfy memory requests in response to cache: hits, replace cache lines in response to cache misses, and may invalidate or replace cache lines in response to snoop requests of the processor bus 130. In the cache-as-RAM mode, the cache memories 112 operate as random access memory in which requests within the memory range of the cache memories 112 are satisfied by the cache memories and lines of the cache are not replaced or invalidated in response to snoop requests of the processor bus 130.
  • The [0019] processors 110 may further comprise a key 116 such as, for example, a key of a symmetric cryptographic algorithm (e.g. the well known DES, 3DES, and AES algorithms) or of an asymmetric cryptographic algorithm (e.g. the well-known RSA algorithm). The processor 110 may use the key 116 to authentic an AC module 190 prior to executing the AC module 190.
  • The [0020] processors 110 may support one or more operating modes such as, for example, a real mode, a protected mode, a virtual real mode, and a virtual machine mode (VMX mode). Further, the processors 110 may support one or more privilege levels or rings in each of the supported operating modes. In general, the operating modes and privilege levels of a processor 110 define the instructions available for execution and the effect of executing such instructions. More specifically, a processor 110 may be permitted to execute certain privileged instructions only if the processor 110 is in an appropriate mode and/or privilege level.
  • The [0021] processors 110 may also support locking of the processor bus 130. As a result of locking the processor bus 130, a processor 110 obtains exclusive ownership of the processor bus 130. The other processors 110 and the chipset 120 may not obtain ownership of the processor bus 130 until the processor bus 130 is released. In an example embodiment, a processor 110 may issue a special transaction on the processor bus 130 that provides the other processors 110 and the chipset 120 with a LT.PROCESSOR.HOLD message. The LT.PROCESSOR.HOLD bus message prevents the other processors 110 and the chipset 120 from acquiring ownership of the processor bus 130 until the processor 110 releases the processor bus 130 via a LT.PROCESSOR.RELEASE bus message.
  • The [0022] processors 110 may however support alternative and/or additional methods of locking the processor bus 130. For example, a processor 110 may inform the other processors 110 and/or the chipset 120 of the lock condition by issuing an Inter-Processor Interrupt, asserting a processor bus lock signal, asserting a processor bus request signal, and/or causing the other processors 110 to halt execution. Similarly, the processor 110 may release the processor bus 130 by issuing an Inter-Processor Interrupt, deasserting a processor bus lock signal, deasserting a processor bus request signal, and/or causing the other processors 110 to resume execution.
  • The [0023] processors 110 may further support launching AC modules 190 and terminating execution of AC modules 190. In an example embodiment, the processors 110 support execution of an ENTERAC instruction that loads, authenticates, and initiates execution of an AC module 190 from private memory 160. However, the processors 110 may support additional or different instructions that cause the processors 110 to load, authenticate, and/or initiate execution of an AC module 190. These other instructions may be variants for launching AC modules 190 or may be concerned with other operations that launch AC modules 190 to help accomplish a larger task. Unless denoted otherwise, the ENTERAC instruction and these other instructions are referred to hereafter as launch AC instructions despite the fact that some of these instructions may load, authenticate, and launch an AC module 190 as a side effect of another operation such as, for example, establishing a trusted computing environment.
  • In an example embodiment, the [0024] processors 110 further support execution of an EXITAC instruction that terminates execution of an AC module 190 and initiates post-AC code (See, FIG. 6). However, the processors 110 may support additional or different instructions that result in the processors 110 terminating an AC module 190 and launching post-AC code. These other instructions may be variants of the EXITAC instruction for terminating AC modules 190 or may be instructions concerned primarily with other operations that result in AC modules 190 being terminated as part of a larger operation. Unless denoted otherwise, the EXITAC instruction and these other instructions are referred to hereafter as terminate AC instructions despite the fact that some of these instructions may terminate AC modules 190 and launch post-AC code as a side effect of another operation such as, for example, tearing down a trusted computing environment.
  • The [0025] chipset 120 may comprise a memory controller 122 for controlling access to the memory 140. Further, the chipset 120 may comprise a key 124 that the processor 110 may use to authentic an AC module 190 prior to execution. Similar to the key 116 of the processor 110, the key 124 may comprise a key of a symmetric or asymmetric cryptographic algorithm.
  • The [0026] chipset 120 may also comprise trusted platform registers 126 to control and provide status information about trusted platform features of the chipset 120. In an example embodiment, the chipset 120 maps the trusted platform registers 126 to a private space 142 and/or a public space 144 of the memory 140 to enable the processors 110 to access the trusted platform registers 126 in a consistent manner.
  • For example, the [0027] chipset 120 may map a subset of the registers 126 as read only locations in the public space 144 and may map the registers 126 as read/write locations in the private space 142. The chipset 120 may configure the private space 142 in a manner that enables only processors 110 in the most privileged mode to access its mapped registers 126 with privileged read and write transactions. Further, the chipset 120 may further configure the public space 144 in a manner that enables processors 110 in all privilege modes to access its mapped registers 126 with normal read and write transactions. The chipset 120 may also open the private space 142 in response to an OpenPrivate command being written to a command register 126. As a result of opening the private space 142, the processors 110 may access the private space 142 in the same manner as the public space 144 with normal unprivileged read and write transactions.
  • The [0028] physical token 150 of the computing device 100 comprises protected storage for recording integrity metrics and storing secrets such as, for example, encryption keys. The physical token 150 may perform various integrity functions in response to requests from the processors 110 and the chipset 120. In particular, the physical token 150 may store integrity metrics in a trusted manner, may quote integrity metrics in a trusted manner, may seal secrets such as encryption keys to a particular environment, and may only unseal secrets to the environment to which they were sealed. Hereinafter, the term “platform key” is used to refer to a key that is sealed to a particular hardware and/or software environment. The physical token 150 may be implemented in a number of different manners. However, in an example embodiment, the physical token 150 is implemented to comply with the specification of the Trusted Platform Module (TPM) described in detail in the Trusted Computing Platform Alliance (TCPA) Main Specification, Version 1.1, Jul. 31, 2001.
  • The [0029] private memory 160 may store an AC module 190 in a manner that allows the processor or processors 110 that are to execute the AC module 190 to access the AC module 190 and that prevents other processors 110 and components of the computing device 100 from altering the AC module 190 or interfering with the execution of the AC module 190. As shown in FIG. 1A, the private memory 160 may be implemented with the cache memory 112 of the processor 110 that is executing the launch AC instruction. Alternatively, the private memory 160 may be implemented as a memory area internal to the processor 110 that is separate from its cache memory 112 as shown in FIG. 1B. The private memory 160 may also be implemented as a separate external memory coupled to the processors 110 via a separate dedicated bus as shown in FIG. 1C, thus enabling only the processors 110 having associated external memories to validly execute launch AC instructions.
  • The [0030] private memory 160 may also be implemented via the system memory 140. In such an embodiment, the chipset 120 and/or processors 110 may define certain regions of the memory 140 as private memory 160 (see FIG. 1D) that may be restricted to a specific processor 110 and that may only be accessed by the specific processor 110 when in a particular operating mode. One disadvantage of this implementation is that the processor 110 relies on the memory controller 122 of the chipset 120 to access the private memory 160 and the AC module 190. Accordingly, an AC module 190 may not be able to reconfigure the memory controller 122 without denying the processor 110 access to the AC module 190 and thus causing the processor 110 to abort execution of the AC module 190.
  • The [0031] private memory 160 may also be implemented as a separate memory coupled to a separate private memory controller 128 of the chipset 120 as shown in FIG. 1E. In such an embodiment, the private memory controller 128 may provide a separate interface to the private memory 160. As a result of a separate private memory controller 128, the processor 110 may be able to reconfigure the memory controller 122 for the system memory 140 in a manner that ensures that the processor 110 will be able to access the private memory 160 and the AC module 190. In general, the separate private memory controller 128 overcomes some disadvantages of the embodiment shown in FIG. 1D at the expense of an additional memory and memory controller.
  • The [0032] AC module 190 may be provided in any of a variety of machine readable mediums 180. The media interface 170 provides an interface to a machine readable medium 180 and AC module 190. The machine readable medium 180 may comprise any medium that can store, at least temporarily, information for reading by the machine interface 170. This may include signal transmissions (via wire, optics, or air as the medium) and/or physical storage media such as various types of disk and memory storage devices.
  • Referring now to FIG. 2, an example embodiment of the [0033] AC module 190 is shown in more detail. The AC module 190 may comprise code 210 and data 220. The code 210 comprises one or more code pages 212 and the data 220 comprises one or more data pages 222. Each code page 212 and data page 222 in an example embodiment corresponds to a 4 kilobyte contiguous memory region; however, the code 210 and data 220 may be implemented with different page sizes or in a non-paging manner. The code pages 212 comprise processor instructions to be executed by one or more processors 110 and the data pages 222 comprise data to be accessed by one or more processors 110 and/or scratch pad for storing data generated by one or more processors 110 in response to executing instructions of the code pages 212.
  • The [0034] AC module 190 may further comprise one or more headers 230 that may be part of the code 210 or the data 220. The headers 230 may provide information about the AC module 190 such as, for example, module author, copyright notice, module version, module execution point location, module length, authentication method, etc. The AC module 190 may further comprise a signature 240 which may be a part of the code 210, data 220, and/or headers 230. The signature 240 may provide information about the AC module 190, authentication entity, authentication message, authentication method, and/or digest value.
  • The [0035] AC module 190 may also comprise an end of module marker 250. The end of module marker 250 specifies the end of the AC module 190 and may be used as an alternative to specifying the length of the AC module 190. For example, the code pages 212 and data pages 222 may be specified in a contiguous manner and the end of module marker 250 may comprise a predefined bit pattern that signals the end of the code pages 212 and data pages 222. It should be appreciated that the AC module 190 may specify its length and/or end in a number of different manners. For example, the header 230 may specify the number of bytes or the number of pages the AC module 190 contains. Alternatively, launch AC and terminate AC instructions may expect the AC module 190 be a predefined number of bytes in length or contain a predefined number of pages. Further, launch AC and terminate AC instructions may comprise operands that specify the length of the AC module 190.
  • It should be appreciated that the [0036] AC module 190 may reside in a contiguous region of the memory 140 that is contiguous in the physical memory space or that is contiguous in virtual memory space. Whether physically or virtually contiguous, the locations of the memory 140 that store the AC module 190 may be specified by a starting location and a length and/or end of module marker 250 may specify. Alternatively, the AC module 190 may be stored in memory 140 in neither a physically or a virtually contiguous manner. For example, the AC module 190 may be stored in a data structure such as, for example, a linked list that permits the computing device 100 to store and retrieve the AC module 190 from the memory 140 in a non-contiguous manner.
  • As will be discussed in more detail below, the [0037] example processors 110 support launch AC instructions that load the AC module 190 into private memory 160 and initiate execution of the AC module 190 from an execution point 260. An AC module 190 to be launched by such a launch AC instruction may comprise code 210 which when loaded into the private memory 160 places the execution point 260 at a location specified one or more operands of a launch AC instruction. Alternatively, a launch AC instruction may result in the processor 110 obtaining the location of the execution point 260 from the AC module 190 itself. For example, the code 210, data 220, a header 230, and/or signature 240 may comprise one or more fields that specify the location of the execution point 260.
  • As will be discussed in more detail below, the [0038] example processors 110 support launch AC instructions that authenticated the AC module 190 prior to execution. Accordingly, the AC module 190 may comprise information to support authenticity determinations by the processors 110. For example, the signature 240 may comprise a digest value 242. The digest value 242 may be generated by passing the AC module 190 through a hashing algorithm (e.g. SHA-1 or MD5) or some other algorithm. The signature 240 may also be encrypted to prevent alteration of the digest value 242 via an encryption algorithm (e.g. DES, 3DES, AES, and/or RSA algorithms). In example embodiment, the signature 240 is RSA-encrypted with the private key that corresponds to a public key of the processor key 116, the chipset key 120, and/or platform key 152.
  • It should be appreciated that the [0039] AC module 190 may be authenticated via other mechanisms. For example, the AC module 190 may utilize different hashing algorithms or different encryption algorithms. Further, the AC module 190 may comprise information in the code 210, data 220, headers 230, and/or signature 240 that indicate which algorithms were used. The AC module 190 may also be protected by encrypting the whole AC module 190 for decryption via a symmetric or asymmetric key of the processor key 116, chipset key 124, or platform key 152.
  • An example embodiment of the [0040] processor 110 is illustrated in more detail in FIG. 3. As depicted, the processor 110 may comprise a front end 302, a register file 306, one or more execution units 370, and a retirement unit or back end 380. The front end 302 comprises a processor bus interface 304, a fetching unit 330 having instruction and instruction pointer registers 314, 316, a decoder 340, an instruction queue 350, and one or more cache memories 360. The register file 306 comprises general purpose registers 312, status/control registers 318, and other registers 320. The fetching unit 330 fetches the instructions specified by the instruction pointer registers 316 from the memory 140 via the processor bus interface 304 or the cache memories 360 and stores the fetched instructions in the instruction registers 314.
  • An [0041] instruction register 314 may contain more than one instruction. According, the decoder 340 identifies the instructions in the instruction registers 314 and places the identified instructions in the instruction queue 350 in a form suitable for execution. For example, the decoder 340 may generate and store one or more micro-operations (uops) for each identified instruction in the instruction queue 350. Alternatively, the decoder 340 may generate and store a single macro-operation (Mop) for each identified instruction in the instruction queue 350. Unless indicated otherwise the term ops is used hereafter to refer to both uops and Mops.
  • The [0042] processor 110 further comprises one or more execution units 370 that perform the operations dictated by the ops of the instruction queue 350. For example, the execution units 370 may comprise hashing units, decryption units, and/or microcode units that implement authentication operations that may be used to authenticate the AC module 190. The execution units 370 may perform in-order execution of the ops stored in the instruction queue 350. However, in an example embodiment, the processor 110 supports out-of-order execution of ops by the execution units 370. In such an embodiment, the processor 110 may further comprise a retirement unit 380 that removes ops from the instruction queue 350 in-order and commits the results of executing the ops to one or more registers 312, 314, 316, 318, 320 to insure proper in-order results.
  • The [0043] decoder 340 may generate one or more ops for an identified launch AC instruction and the execution units 370 may load, authenticate, and/or initiate execution of an AC module 190 in response to executing the associated ops. Further, the decoder 340 may generate one or more ops for an identified terminate AC instruction and the execution units 370 may terminate execution of an AC module 190, adjust security aspects of the computing device 100, and/or initiate execution of post-AC code in response to executing the associated ops.
  • In particular, the [0044] decoder 340 may generate one or more ops that depend on the launch AC instruction and the zero or more operands associated with the launch AC instruction. Each launch AC instruction and its associated operands specify parameters for launching the AC module 190. For example, the launch AC instruction and/or operands may specify parameters about the AC module 190 such as AC module location, AC module length, and/or AC module execution point. The launch AC instruction and/or operands may also specify parameters about the private memory 160 such as, for example, private memory location, private memory length, and/or private memory implementation. The launch AC instruction and/or operands may further specify parameters for authenticating the AC module 190 such as specifying which authentication algorithms, hashing algorithms, decryption,algorithms, and/or other algorithms are to be used. The launch AC instruction and/.or operands may further specify parameters for the algorithms such as, for example, key length, key location, and/or keys. The launch AC instruction and/or operands may further specify parameters to configure the computer system 100 for AC module launch such as, for example, specifying events to be masked/unmasked and/or security capabilities to be updated.
  • The launch AC instructions and/or operands may provide fewer, additional, and/or different parameters than those described above. Furthermore, the launch AC instructions may comprise zero or more explicit operands and/or implicit operands. For example, the launch AC instruction may have operand values implicitly specified by processor registers and/or memory locations despite the launch AC instruction itself not comprising fields that define the location of these operands. Furthermore, the launch AC instruction may explicitly specify the operands via various techniques such as, for example, immediate data, register identification, absolute addresses, and/or relative addresses. [0045]
  • The [0046] decoder 340 may also generate one or more ops that depend on the terminate AC instructions and the zero or more operands associated with the terminate AC instructions. Each terminate AC instruction and its associated operands specify parameters for terminating execution of the AC module 190. For example, the terminate AC instruction and/or operands may specify parameters about the AC module 190 such as AC module location and/or AC module length. The terminate AC instruction and/or operands may also specify parameters about the private memory 160 such as, for example, private memory location, private memory length, and/or private implementation. The terminate AC instruction and/or operands may specify parameters about launching post-AC code such as, for example., launching method and/or post-AC code execution point. The terminate AC instruction and/or operands may further specify parameters to configure the computer system 100 for post-AC code execution such as, for example, specifying events to be masked/unmasked and/or security capabilities to be updated.
  • The terminate AC instructions and/or operands may provide fewer, additional, and/or different parameters than those described above. Furthermore, the terminate AC instructions may comprise zero or more explicit operands and/or implicit operands in a manner as described above in regard to the launch AC instructions. [0047]
  • Referring now to FIG. 4, there is depicted a [0048] method 400 of launching an AC module 190. In particular, the method 400 illustrates the operations of a processor 110 in response to executing an example ENTERAC instruction having an authenticate operand, a module operand, and a length operand. However, one skilled in the art should be able implement other launch AC instructions having fewer, additional, and/or different operands without undue experimentation.
  • In [0049] block 404, the processor 110 determines whether the environment is appropriate to start execution of an AC module 190. For example, the processor 110 may verify that its current privilege level, operating mode, and/or addressing mode are appropriate. Further, if the processor supports multiple hardware threads, the processor may verify that all other threads have halted. The processor 110 may further verify that the chipset 120 meets certain requirements. In an example embodiment of the ENTERAC instruction, the processor 110 determines that the environment is appropriate in response to determining that the processor 110 is in a protected flat mode of operation, that the processor's current privilege level is 0, that the processor 110 has halted all other threads of execution, and that the chipset 120 provides trusted platform capabilities as indicated by one or more registers 126. Other embodiments of launch AC instructions may define appropriate environments differently. Other launch AC instructions and/or associated operands may specify environment requirements that result in the processor 110 verifying fewer, additional, and/or different parameters of its environment.
  • In response to determining that the environment is inappropriate for launching an [0050] AC module 190, the processor 110 may terminate the ENTERAC instruction with an appropriate error code (block 408). Alternatively, the processor 110 may further trap to some more trusted software layer to permit emulation of the ENTERAC instruction.
  • Otherwise, the [0051] processor 110 in block 414 may update event processing to support launching the AC module 190. In an example embodiment of the ENTERAC instruction, the processor 110 masks processing of the INTR, NMI, SMI, INIT, and A20M events. Other launch AC instructions and/or associated operands may specify masking fewer, additional, and/or different events. Further, other launch AC instructions and/or associated operands may explicitly specify the events to be masked and the events to be unmasked. Alternatively, other embodiments may avoid masking events by causing the computing device 100 to execute trusted code such as, for example, event handlers of the AC module 190 in response to such events.
  • The [0052] processor 110 in block 416 may lock the processor bus 130 to prevent the other processors 110 and the chipset 120 from acquiring ownership of the processor bus 130 during the launch and execution of the AC module 190. In an example embodiment of the ENTERAC instruction, the processor 110 obtains exclusive ownership of the processor bus 130 by generating a special transaction that provides the other processors 110 and the chipset 120 with a LT.PROCESSOR.HOLD bus message. Other embodiments of launch AC instructions and/or associated operands may specify that the processor bus 130 is to remain unlocked or may specify a different manner to lock the processor bus 130.
  • The [0053] processor 110 in block 420 may configure its private memory 160 for receiving the AC module 190. The processor 110 may clear the contents of the private memory 160 and may configure control structures associated with the private memory 160 to enable the processor 110 to access the private memory 160. In an example embodiment of the ENTERAC instruction, the processor 110 updates one or more control registers to switch the cache memory 112 to the cache-as-RAM mode and invalidates the contents of its cache memory 112.
  • Other launch AC instructions and/or associated operands may specify private memory parameters for different implementations of the [0054] private memory 160. (See, for example, FIGS. 1A-1E). Accordingly, the processor 110 in executing these other launch AC instructions may perform different operations in order to prepare the private memory 160 for the AC module 190. For example, the processor 110 may 1A enable/configure a memory controller (e.g. PM controller 128 of FIG. 1E) associated with the private memory 160. The processor 110 may also provide the private memory 160 with a clear, reset, and/or invalidate signal to clear the private memory 160. Alternatively, the processor 110 may write zeros or some other bit pattern to the private memory 160, remove power from the private memory 160, and/or utilize some other mechanism to clear the private memory 160 as specified by the launch AC instruction and/or operands.
  • In [0055] block 424, the processor 110 loads the AC module 190 into its private memory 160. In an example embodiment of the ENTERAC instruction, the processor 110 starts reading from a location of the memory 140 specified by the address operand until a number of bytes specified by the length operand are transferred to its cache memory 112. Other embodiments of launch AC instructions and/or associated operands may specify parameters for loading the AC module 190 into the private memory 160 in a different manner. For example, the other launch AC instructions and/or associated operands may specify the location of the AC module 190, the location of the private memory 160, where the AC module 190 is to be loaded in the private memory 160, and/or the end of the AC module 190 in numerous different manners.
  • In [0056] block 428, the processor 110 may further lock the private memory 160. In an example embodiment of the ENTERAC instruction, the processor 110 updates one or more control registers to lock its cache memory 112 to prevent external events such as snoop requests from processors or I/O devices from altering the stored lines of the AC module 190. However, other launch AC instructions and/or associated operands may specify other operations for the processor 110. For example, the processor 110 may configure a memory controller (e.g. PM controller 128 of FIG. 1E) associated with the private memory 160 to prevent the other processors 110 and/or chipset 120 from accessing the private memory 160. In some embodiments, the private memory 160 may already be sufficiently locked, thus the processor 110 may take no action in block 428.
  • The processor in block [0057] 432 determines whether the AC module 190 stored in its private memory 160 is authentic based upon a protection mechanism specified by the protection operand of the ENTERAC instruction. In an example embodiment of the ENTERAC instruction, the processor 110 retrieves a processor key 116, chipset key 124, and/or platform key 152 specified by the protection operand. The processor 110 then RSA-decrypts the signature 240 of the AC module 190 using the retrieved key to obtain the digest value 242. The processor 110 further hashes the AC module 190 using a SHA-1 hash to obtain a computed digest value. The processor 110 then determines that the AC module 190 is authentic in response to the computed digest value and the digest value 242 having an expected relationship (e.g. equal to one another). Otherwise, the processor 110 determines that the AC module 190 is not authenticate.
  • Other launch AC instructions and/or associated operands may specify different authentication parameters. For example, the other launch AC instructions and/or associated operands may specify a different authentication method, different decryption algorithms, and/or different hashing algorithms. The other launch AC instructions and/or associated operands may further specify different key lengths, different key locations, and/or keys for authenticating the [0058] AC module 190.
  • In response to determining that the [0059] AC module 190 is not authentic; the processor 10 in block 436 generates an error code and terminates execution of the launch AC instruction. Otherwise, the processor 110 in block 440 may update security aspects of the computing device 100 to support execution of the AC module 190. In an example embodiment of the ENTERAC instruction, the processor 110 in block 440 writes a OpenPrivate command to a command register 126 of the chipset 120 to enable the processor 110 to access registers 126 via the private space 142 with normal unprivileged read and write transactions.
  • Other launch AC instructions and/or associated operands may specify other operations to configure the [0060] computing device 100 for AC module execution. For example, a launch AC instruction and/or associated operands may specify that the processor 110 leave the private space 142 in its current state. A launch AC instruction and/or associated operands may also specify that the processor 110 enable and/or disable access to certain computing resources such as protected memory regions, protected storage devices, protected partitions of storage devices, protected files of storage devices, etc.
  • After updating security aspects of the [0061] computing device 100, the processor 110 in block 444 may initiate execution of the AC module 190. In an example embodiment of the ENTERAC instruction, the processor 110 loads its instruction pointer register 316 with the physical address provided by the module operand resulting in the processor 110 jumping to and executing the AC module 190 from the execution point 260 specified by the physical address. Other launch AC instructions and/or associated operands may specify the location of the execution point 260 in a number of alternative manners. For example, a launch AC instruction and/or associated operands may result in the processor 110 obtaining the location of the execution point 260 from the AC module 190 itself.
  • Referring now to FIG. 5, there is depicted a [0062] method 500 of terminating an AC module 190. In particular, the method 500 illustrates the operations of a processor 110 in response to executing an example EXITAC instruction having a protection operand, an events operand, and a launch operand. However, one skilled in the art should be able to implement other terminate AC instructions having fewer, additional, and/or different operands without undue experimentation.
  • In block [0063] 504, the processor 110 may clear and/or reconfigure the private memory 160 to prevent further access to the AC module 190 stored in the private memory 160. In an example embodiment of the EXITAC instruction, the processor 110 invalidates its cache memory 112 and updates control registers to switch the cache memory 112 to the normal cache mode of operation.
  • A terminate AC instruction and/or associated operand may specify private memory parameters for different implementations of the [0064] private memory 160. (See, for example, FIGS. 1A-1E). Accordingly, a terminate AC instruction and/or associated operand may result in the processor 110 performing different operations in order to prepare the computing device 100 for post-AC code execution. For example, the processor 110 may disable a memory controller (e.g. PM controller 128 of FIG. 1E) associated with the private memory 160 to prevent further access to the AC module 190. The processor 110 may also provide the private memory 160 with a clear, reset, and/or invalidate signal to clear the private memory 160. Alternatively, the processor 110 may write zeros or some other bit pattern to the private memory 160; remove power from the private memory 160, and/or utilize some other mechanism to clear the private memory 160 as specified by a terminate AC instruction and/or associated operands.
  • The [0065] processor 110 in block 506 may update security aspects of the computing device 100 based upon the protection operand to support post-AC code execution. In an example embodiment of the EXITAC instruction, the protection operand specifies whether the processor 110 is to close the private space 142 or leave the private space 142 in its current state. In response to determining to leave the private space 142 in its current state, the processor 110 proceeds to block 510. Otherwise, the processor 110 closes the private space 142 by writing a ClosePrivate command to a command register 126 to prevent the processors 110 from further accessing the registers 126 via normal unprivileged read and write transactions to the private space 142.
  • A terminate AC instruction and/or associated operands of another embodiment may result in the [0066] processor 110 updating other security aspects of the computing device 100 to support execution of code after the AC module 190. For example, a terminate AC instruction and/or associated operands may specify that the processor 110 enable and/or disable access to certain computing resources such as protected memory regions, protected storage devices, protected partitions of storage devices, protected files of storage devices, etc.
  • The [0067] processor 110 in block 510 may unlock the processor bus 130 to enable other processors 110 and the chipset 120 to acquire ownership of the processor bus 130. In an example embodiment of the EXITAC-instruction, the processor 110 releases exclusive ownership of the, processor bus 130 by generating a special transaction that provides the other processors 110 and the chipset 120 with a LT.PROCESSOR.RELEASE bus message. Other embodiments of terminate AC instructions and/or associated operands may specify that the processor bus 130 is to remain locked or may specify a different manner to unlock the processor bus 130.
  • The [0068] processor 110 in block 514 may update events processing based upon the mask operand. In example embodiment of the EXITAC instruction, the mask operand specifies whether the processor 110 is to enable events processing or leave events processing in its current state. In response to determining to leave events processing in its current state, the processor 110 proceeds to block 516. Otherwise, the processor 110 unmasks the INTR, NMI, SMI, INIT, and A20M events to enable processing of such events. Other terminate AC instructions and/or associated operands may specify unmasking fewer, additional, and/or different events. Further, other terminate AC instructions and/or associated operands may explicitly specify the events to be masked and the events to be unmasked.
  • The [0069] processor 110 in block 516 terminates execution of the AC module 190 and launches post-AC code specified by the launch operand. In an example embodiment of the EXITAC instruction, the processor 110 updates its code segment register and instruction pointer register with a code segment and segment offset specified by the launch operand. As a result, the processor 110 jumps to and begins executing from an execution point of the post-AC code specified by the code segment and segment offset.
  • Other terminate AC modules and/or associated operands may specify the execution point of the post-AC code in a number of different manners. For example, a launch AC instruction may result in the [0070] processor 110 saving the current instruction pointer to identify the execution point of post-AC code. In such an embodiment, the terminate AC instruction may retrieve the execution point saved by the launch AC instruction and initiate execution of the post-AC code from the retrieved execution point. In this manner, the terminate AC instruction returns execution to the instruction following the launch AC instruction. Further, in such an embodiment, the AC module 190 appears to have been called, like a function call or system call, by the invoking code.
  • Another embodiment of the [0071] computing device 100 is shown in FIG. 6. The computing device 100 comprises processors 110, a memory interface 620 that provides the processors 110 access to a memory space 640, and a media interface 170 that provides the processors 110 access to media 180. The memory space 640 comprises an address space that may span multiple machine readable media from which the processor 110 may execute code such as, for example, firmware, system memory 140, private memory 160, hard disk storage, network storage, etc (See, FIGS. 1A-1E). The memory space 640 comprises pre-AC code 642, an AC module 190, and post-AC code 646. The pre-AC code 642 may comprise operating system code, system library code, shared library code, application code, firmware routines, BIOS routines, and/or other routines that may launch execution of an AC module 190. The post-AC code 646 may similarly comprise operating system code, system library code, shared library code, application code, firmware routines, BIOS routines, and/or other routines that may be executed after the AC module 190. It should be appreciated that the pre-AC code 642 and the post-AC code 646 may be the same software and/or firmware module or different software and/or firmware modules.
  • An example embodiment of launching and terminating an AC module is illustrated in FIG. 7A. In [0072] block 704, the computing device 100 stores the AC module 190 into the memory space 640 in response to executing the pre-AC code 642. In an example embodiment, the computing device 100 retrieves the AC module 190 from a machine readable medium 180 via the media interface 170 and stores the AC module 190 in the memory space 640. For example, the computing device 100 may retrieve the AC module 190 from firmware, a hard drive, system memory, network storage, a file server, a web server, etc and may store the retrieved AC module 190 into a system memory 140 of the computing device 100.
  • The [0073] computing device 100 in block 708 loads, authenticates, and initiates execution of the AC module 190 in response to executing the pre-AC code 642. For example, the pre-AC code 642 may comprise an ENTERAC instruction or another launch AC instruction that results in the computing device 100 transferring the AC module 190 to private memory 160 of the memory space 640, authenticating the AC module 190, and invoking execution of the AC module 190 from its execution point. Alternatively, the pre-AC code 642 may comprise a series of instructions that result in the computing device 100 transferring the AC module 190 to private memory 160 of the memory space 640, authenticating the AC module 190, and invoking execution of the AC module 190 from its execution point.
  • In [0074] block 712, the computing device 100 executes the code 210 of the AC module 190 (See, FIG. 2). The computing device 100, in block 716 terminates execution of the AC module 190 and initiates execution of the post-AC code 646 of the memory space 640. For example, the AC module 190 may comprise an EXITAC instruction or another terminate AC instruction that results in the computing device 100 terminating execution of the AC module 190, updating security aspects of the computing device 100, and initiating execution of the post-AC code 646 from an execution point of the post-AC code 646. Alternatively, the AC module 190 may comprise a series of instructions that result in the computing device 100 terminating execution of the AC module 190 and initiating execution of the post-AC code 646 from an execution point of the post-AC code 646.
  • Another example embodiment of launching and terminating an AC module is illustrated in FIG. 7B. In [0075] block 740, the computing device 100 stores the AC module 190 into the memory space 640 in response to executing the pre-AC code 642. In an example embodiment, the computing device 100 retrieves the AC module 190 from a machine readable medium 180 via the media interface 170 and stores the AC module 190 in the memory space 640. For example, the computing device 100 may retrieve the AC module 190 from firmware, a hard drive, system memory, network storage, a file server, a web server, etc and stores the retrieved AC module 190 into a system memory 140 of the computing device 100.
  • The [0076] computing device 100 in block 744 loads, authenticates, and initiates execution of the AC module 190 response to executing the pre-AC code 642. The computing device in block 744 further saves an execution point for the post-AC code 646 that is based upon the instruction pointer. For example, the pre-AC code 642 may comprise an ENTERAC instruction or another launch AC instruction that results in the computing device 100 transferring the AC module 190 to private memory 160 of the memory space 640, authenticating the AC module 190, invoking execution of the AC module 190 from its execution point, and saving the instruction pointer so that the processor 110 may return to the instruction following the launch AC instruction after executing the AC module 190. Alternatively, the pre-AC code 642 may comprise a series of instructions that result in the computing device 100 transferring the AC module 190 to private memory 160 of the memory space 640, authenticating the AC module 190, invoking execution of the AC module 190 from its execution point, and saving the instruction pointer.
  • In [0077] block 748, the computing device 100 executes the code 210 of the AC module 190 (See, FIG. 2). The computing device 100 in block 752 terminates execution of the AC module 190, loads the instruction pointer based execution point saved in block 744, and initiates execution of the instruction following the launch AC instruction or the series of instructions executed in block 744. For example, the AC module 190 may comprise an EXITAC instruction or another terminate AC instruction that results in the computing device 100 terminating execution of the AC module 190, updating security aspects of the computing device 100, and initiating execution of the post-AC code 646 from an execution point of the post-AC code 646 specified by the instruction pointer saved in block 744. Alternatively, the AC module 190 may comprise a series of instructions that result in the computing device 100 terminating execution of the AC module 190, updating security aspects of the computing device 100, and initiating execution of the post-AC code 646 from an execution point of the post-AC code 646 specified by the instruction pointer saved in block 744.
  • FIG. 8 illustrates various design representations or formats for simulation, emulation, and fabrication of a design using the disclosed techniques. Data representing a design may represent the design in a number of manners. First, as is useful in simulations, the hardware may be represented using a hardware description language or another functional description language which essentially provides a computerized model of how the designed hardware is expected to perform. The [0078] hardware model 810 may be stored in a storage medium 800 such as a computer memory so that the model may be simulated using simulation software 820 that applies a particular test suite 830 to the hardware model 810 to determine if it indeed functions as intended. In some embodiments, the simulation software is not recorded, captured, or contained in the medium.
  • Additionally, a circuit level model with logic and/or transistor gates may be produced at some stages of the design process. This model may be similarly simulated, sometimes by dedicated hardware simulators that form the model using programmable logic. This type of simulation, taken a degree further, may be an emulation technique. In any case, re-configurable hardware is another embodiment that may involve a machine readable medium storing a model employing the disclosed techniques. [0079]
  • Furthermore, most designs, at some stage, reach a level of data representing the physical placement of various devices in the hardware model. In the case where conventional semiconductor fabrication techniques are used, the data representing the hardware model may be the data specifying the presence or absence of various features on different mask layers for masks used to produce the integrated circuit. Again, this data representing the integrated circuit embodies the techniques disclosed in that the circuitry or logic in the data can be simulated or fabricated to perform these techniques. [0080]
  • In any representation of the design, the data may be stored in any form of a computer readable medium. An optical or [0081] electrical wave 860 modulated or otherwise generated to transmit such information, a memory 850, or a magnetic or optical storage 840 such as a disc may be the medium. The set of bits describing the design or the particular part of the design are an article that may be sold in and of itself or used by others for further design or fabrication.
  • While certain exemplary embodiments have been described and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad invention, and that this invention not be limited to the specific constructions and arrangements shown and described, since various other modifications may occur to those ordinarily skilled in the art upon studying this disclosure. [0082]

Claims (39)

What is claimed is:
1. A processor comprising
private memory; and
one or more execution units to authenticate an authenticated code module stored in the private memory and to execute the authenticated code module stored in the private memory in response to executing a launch instruction.
2. The processor of claim 1 further comprising a cache memory that provides the private memory.
3. The processor of claim 2 wherein the execution units load authentication code module into the cache memory in response to executing the launch instruction.
4. The processor of claim 3 wherein the execution units lock the cache memory to prevent replacement of lines of the authenticated code module stored in the cache memory.
5. The processor of claim 1 wherein the execution units lock the private memory to prevent other processors from altering the authenticated code module stored in the private memory.
6. The processor of claim 1 further comprising a decoder to generate one or more opcodes for the launch instruction, wherein the execution units authenticate and execute the authenticated code module in response to executing the one or more opcodes.
7. The processor of claim 1 further comprising a key, wherein the execution units utilize the key to authenticate the authenticated code module.
8. The processor of claim 1, wherein the execution units retrieve a key specified by one or more operands of the launch instruction and use the key to authenticate the authenticated code module stored in the protected memory.
9. The processor of claim 1, wherein the execution units, in response to the launch instruction, retrieve a key from a chipset and use the key to authenticate the authenticated code module stored in the protected memory.
10. The processor of claim 1, wherein the execution units, in response to the launch instruction, retrieve a key from a token and use the key to authenticate the authenticated code module stored in the protected memory.
11. The processor of claim 1, wherein the execution units, in response to the launch instruction, use a key of the processor to authenticate the authenticated code module stored in the protected memory.
12. The processor of claim 1, wherein the execution units, in response to the launch instruction, decrypt at least a portion of the authentication module stored in the private memory.
13. The processor of claim 1, wherein the execution units, in response to the launch instruction, decrypt at least a portion of the authentication module to obtain a digest value, and determine whether the authentication module is authentic based upon the digest value.
14. The processor of claim 1, wherein the execution units, in response to the launch instruction, obtain a digest value for the authentication code module, generate a computed digest value from at least a portion of the authenticated code module, and determine that the authenticated code module is authentic in response to the digest value and the computed digest value having a predetermined relationship.
15. The processor of claim 1, wherein the execution units, in response to the launch instruction, RSA-decrypt a signature of the authentication code module to obtain a digest value from the signature, perform a SHA-1 hash on the authenticated code module to generate a computed digest value, and determine that the authenticated code module is authentic in response to the digest value and the computed digest value being equal.
16. The processor of claim 1, wherein the execution units initiate execution of the authenticated code module only if the authenticated code module is determined to be authentic.
17. The processor of claim 16, wherein the execution units generate an error code in response to determining that the authenticated code module is not authentic.
18. The processor of claim 17, wherein the execution units generate a trap in response to determining that the authenticated code module is not authentic.
19. The processor of claim 1, wherein the execution units execute the authenticated code module from a execution point specified by one or more operands of the launch instruction.
20. The processor of claim 1, wherein the execution units execute the authenticated code module from an execution point specified by one or more fields of the authenticate code module.
21. The processor of claim 1, wherein the execution units mask one or more events selected from a group of events comprising INTR, NMI, SMI, INIT, and A20M events in response to executing the launch instruction.
22. The processor of claim 1, wherein the execution units authenticate and initiate execution of the authenticated code module stored in the private memory in response to executing microcode associated with the launch AC instruction.
23. The processor of claim 1, embodied in a machine readable medium.
24. A processor, comprising
a front end to fetch an instruction; and
one or more execution units to execute the instruction that results in the one or more execution units retrieving a key and authenticating an authenticated code module.
25. The processor of claim 24, wherein the front end generates one or more ops for the instruction, and execution of the instruction results in the execution units executing the one or more ops.
26. The processor of claim 24 further comprising a processor key, wherein execution of the instruction results in the execution units authenticating the authenticated code module based upon the processor key.
27. The processor of claim 24, wherein execution of the instruction results in the execution units loading the authenticated code module into a private memory associated with the processor.
28. The processor of claim 24, wherein execution of the instruction results in the execution units obtaining a digest value from the authenticated code module, hashing the authenticated code module to generate a computed digest value, and initiating execution of the authenticated code module in response to the digest value and the computed digest value having a predetermined relationship.
29. The processor of claim 28, wherein execution of the instruction results in the execution units generating an error code in response to determining that the digest value and the computed digest value do not have the predetermined relationship.
30. The processor of claim 28, wherein execution of the instruction results in the execution units initiating execution of the authenticated code module from an execution point specified by one or more operands of the instruction.
31. The processor of claim 24, wherein execution of the instruction results in the execution units initiating execution of the authenticated code module from an execution point specified by one or more fields of the authenticate code module.
32. The processor of claim 24, wherein the execution units authenticate the authenticated code module in response to executing microcode of the processor.
33. The processor of claim 24, embodied in a machine readable medium.
34. A processor, comprising
a cache memory;
a front end to fetch an instruction; and
one or more execution units to execute the instruction that results in the one or more execution units loading an authentication module into the cache memory and authenticating the authenticated code module stored in the cache memory.
35. The processor of claim 34, wherein the execution units initiate execution of the authenticated code module stored in the cache memory in response to determining that the authenticated code module is authentic.
36. The processor of claim 35, wherein the execution units retrieve a key and authenticate the authenticated code module based upon the key.
37. The processor of claim 36, wherein the execution units obtain a digest value by decrypting a portion of the authenticated code module with the key, generated a computed digest value, and determine authenticity of the authenticated code based upon a relationship between the digest value and the computed digest value.
38. The processor of claim 36, wherein the execution units retrieve the key and authenticate the authenticated code module in response to executing microcode.
39. The processor of claim 38 embodied in a machine readable medium.
US10/039,961 2001-12-31 2001-12-31 Processor supporting execution of an authenticated code instruction Abandoned US20030126453A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/039,961 US20030126453A1 (en) 2001-12-31 2001-12-31 Processor supporting execution of an authenticated code instruction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/039,961 US20030126453A1 (en) 2001-12-31 2001-12-31 Processor supporting execution of an authenticated code instruction

Publications (1)

Publication Number Publication Date
US20030126453A1 true US20030126453A1 (en) 2003-07-03

Family

ID=21908314

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/039,961 Abandoned US20030126453A1 (en) 2001-12-31 2001-12-31 Processor supporting execution of an authenticated code instruction

Country Status (1)

Country Link
US (1) US20030126453A1 (en)

Cited By (56)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030163723A1 (en) * 2002-02-25 2003-08-28 Kozuch Michael A. Method and apparatus for loading a trustable operating system
US20030188173A1 (en) * 2002-03-26 2003-10-02 Zimmer Vincent J. Hardened extended firmware interface framework
US20030188113A1 (en) * 2002-03-29 2003-10-02 Grawrock David W. System and method for resetting a platform configuration register
US20030204693A1 (en) * 2002-04-30 2003-10-30 Moran Douglas R. Methods and arrangements to interface memory
US20030217250A1 (en) * 2002-04-16 2003-11-20 Steve Bennett Control register access virtualization performance improvement in the virtual-machine architecture
US20040003323A1 (en) * 2002-06-29 2004-01-01 Steve Bennett Control over faults occurring during the operation of guest software in the virtual-machine architecture
US20040003324A1 (en) * 2002-06-29 2004-01-01 Richard Uhlig Handling faults associated with operation of guest software in the virtual-machine architecture
US20040103281A1 (en) * 2002-11-27 2004-05-27 Brickell Ernie F. System and method for establishing trust without revealing identity
US20040117532A1 (en) * 2002-12-11 2004-06-17 Bennett Steven M. Mechanism for controlling external interrupts in a virtual machine system
US20040117593A1 (en) * 2002-12-12 2004-06-17 Richard Uhlig Reclaiming existing fields in address translation data structures to extend control over memory acceses
US20040117625A1 (en) * 2002-12-16 2004-06-17 Grawrock David W. Attestation using both fixed token and portable token
US20050060702A1 (en) * 2003-09-15 2005-03-17 Bennett Steven M. Optimizing processor-managed resources based on the behavior of a virtual machine monitor
US20050071840A1 (en) * 2003-09-15 2005-03-31 Gilbert Neiger Use of multiple virtual machine monitors to handle privileged events
US20050080965A1 (en) * 2003-09-30 2005-04-14 Bennett Steven M. Mechanism to control hardware interrupt acknowledgement in a virtual machine system
US20050114610A1 (en) * 2003-11-26 2005-05-26 Robinson Scott H. Accessing private data about the state of a data processing machine from storage that is publicly accessible
US20050133582A1 (en) * 2003-12-22 2005-06-23 Bajikar Sundeep M. Method and apparatus for providing a trusted time stamp in an open platform
US20050180572A1 (en) * 2004-02-18 2005-08-18 Graunke Gary L. Apparatus and method for distributing private keys to an entity with minimal secret, unique information
US6976162B1 (en) 2000-06-28 2005-12-13 Intel Corporation Platform and method for establishing provable identities while maintaining privacy
US20060020785A1 (en) * 2004-06-30 2006-01-26 Grawrock David W Secure distribution of a video card public key
US20060069903A1 (en) * 2004-09-30 2006-03-30 Fischer Stephen A Method and apparatus for establishing safe processor operating points
US20060224878A1 (en) * 2005-03-31 2006-10-05 Intel Corporation System and method for trusted early boot flow
US20070006306A1 (en) * 2005-06-30 2007-01-04 Jean-Pierre Seifert Tamper-aware virtual TPM
US20070083739A1 (en) * 2005-08-29 2007-04-12 Glew Andrew F Processor with branch predictor
US20070086588A1 (en) * 2002-04-17 2007-04-19 Microsoft Corporation Saving and Retrieving Data Based on Symmetric Key Encryption
US20080133893A1 (en) * 2005-08-29 2008-06-05 Centaurus Data Llc Hierarchical register file
US20080133885A1 (en) * 2005-08-29 2008-06-05 Centaurus Data Llc Hierarchical multi-threading processor
US20080133889A1 (en) * 2005-08-29 2008-06-05 Centaurus Data Llc Hierarchical instruction scheduler
US20100017625A1 (en) * 2003-11-20 2010-01-21 Johnson Richard C Architecure, system, and method for operating on encrypted and/or hidden information
US7681046B1 (en) 2003-09-26 2010-03-16 Andrew Morgan System with secure cryptographic capabilities using a hardware specific digital secret
US20100132053A1 (en) * 2005-10-04 2010-05-27 Nec Corporation Information processing device, information processing method and program
US7739521B2 (en) 2003-09-18 2010-06-15 Intel Corporation Method of obscuring cryptographic computations
US7809957B2 (en) 2005-09-29 2010-10-05 Intel Corporation Trusted platform module for generating sealed data
US7818808B1 (en) 2000-12-27 2010-10-19 Intel Corporation Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor
US7836275B2 (en) 2005-01-28 2010-11-16 Intel Corporation Method and apparatus for supporting address translation in a virtual machine environment
US7840962B2 (en) 2004-09-30 2010-11-23 Intel Corporation System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time
US7861245B2 (en) 2004-03-31 2010-12-28 Intel Corporation Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment
US7900017B2 (en) 2002-12-27 2011-03-01 Intel Corporation Mechanism for remapping post virtual machine memory pages
US7921293B2 (en) 2001-11-01 2011-04-05 Intel Corporation Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment
US20110167496A1 (en) * 2009-07-07 2011-07-07 Kuity Corp. Enhanced hardware command filter matrix integrated circuit
US7984483B2 (en) 2007-04-25 2011-07-19 Acxess, Inc. System and method for working in a virtualized computing environment through secure access
US8014530B2 (en) 2006-03-22 2011-09-06 Intel Corporation Method and apparatus for authenticated, recoverable key distribution with no database secrets
US8037314B2 (en) 2003-12-22 2011-10-11 Intel Corporation Replacing blinded authentication authority
US8146078B2 (en) 2004-10-29 2012-03-27 Intel Corporation Timer offsetting mechanism in a virtual machine environment
US8185734B2 (en) 2002-03-29 2012-05-22 Intel Corporation System and method for execution of a secured environment initialization instruction
US8533777B2 (en) 2004-12-29 2013-09-10 Intel Corporation Mechanism to determine trust of out-of-band management agents
EP2634959A3 (en) * 2003-09-18 2013-10-09 Apple Inc. Method and Apparatus for Incremental Code Signing
US8924728B2 (en) 2004-11-30 2014-12-30 Intel Corporation Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information
US20150242617A1 (en) * 2012-01-25 2015-08-27 Sony Corporation Information processing device, information processing method, and computer program
US9176741B2 (en) 2005-08-29 2015-11-03 Invention Science Fund I, Llc Method and apparatus for segmented sequential storage
US9692858B2 (en) 2012-07-17 2017-06-27 International Business Machines Corporation Security model for a memory of a network information system
US9710626B2 (en) 2012-07-06 2017-07-18 International Business Machines Corporation Security model for network information service
KR20170114582A (en) * 2016-04-05 2017-10-16 삼성전자주식회사 Image processing apparatus and control method thereof
US20180181727A1 (en) * 2016-12-22 2018-06-28 Samsung Electronics Co., Ltd. Electronic device, method for controlling thereof and computer-readable recording medium
WO2019161176A1 (en) * 2018-02-15 2019-08-22 Verifone, Inc. System and methods for authentication code entry
US10482251B1 (en) * 2015-08-26 2019-11-19 Christopher Luis Hamlin Using integrity reports to detect network instrusion
US20220284093A1 (en) * 2021-03-08 2022-09-08 Unisys Corportion System and method for responsive process security classification and optimization

Citations (98)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3699532A (en) * 1970-04-21 1972-10-17 Singer Co Multiprogramming control for a data handling system
US3996449A (en) * 1975-08-25 1976-12-07 International Business Machines Corporation Operating system authenticator
US4037214A (en) * 1976-04-30 1977-07-19 International Business Machines Corporation Key register controlled accessing system
US4162536A (en) * 1976-01-02 1979-07-24 Gould Inc., Modicon Div. Digital input/output system and method
US4207609A (en) * 1978-05-08 1980-06-10 International Business Machines Corporation Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system
US4247905A (en) * 1977-08-26 1981-01-27 Sharp Kabushiki Kaisha Memory clear system
US4276594A (en) * 1978-01-27 1981-06-30 Gould Inc. Modicon Division Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same
US4278837A (en) * 1977-10-31 1981-07-14 Best Robert M Crypto microprocessor for executing enciphered programs
US4307447A (en) * 1979-06-19 1981-12-22 Gould Inc. Programmable controller
US4307214A (en) * 1979-12-12 1981-12-22 Phillips Petroleum Company SC2 activation of supported chromium oxide catalysts
US4319323A (en) * 1980-04-04 1982-03-09 Digital Equipment Corporation Communications device for data processing system
US4347565A (en) * 1978-12-01 1982-08-31 Fujitsu Limited Address control system for software simulation
US4366537A (en) * 1980-05-23 1982-12-28 International Business Machines Corp. Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys
US4403283A (en) * 1980-07-28 1983-09-06 Ncr Corporation Extended memory system and method
US4419724A (en) * 1980-04-14 1983-12-06 Sperry Corporation Main bus interface package
US4430709A (en) * 1980-09-13 1984-02-07 Robert Bosch Gmbh Apparatus for safeguarding data entered into a microprocessor
US4521852A (en) * 1982-06-30 1985-06-04 Texas Instruments Incorporated Data processing device formed on a single semiconductor substrate having secure memory
US4759064A (en) * 1985-10-07 1988-07-19 Chaum David L Blind unanticipated signature systems
US4795893A (en) * 1986-07-11 1989-01-03 Bull, Cp8 Security device prohibiting the function of an electronic data processing unit after a first cutoff of its electrical power
US4802084A (en) * 1985-03-11 1989-01-31 Hitachi, Ltd. Address translator
US4825052A (en) * 1985-12-31 1989-04-25 Bull Cp8 Method and apparatus for certifying services obtained using a portable carrier such as a memory card
US4907272A (en) * 1986-07-11 1990-03-06 Bull Cp8 Method for authenticating an external authorizing datum by a portable object, such as a memory card
US4907270A (en) * 1986-07-11 1990-03-06 Bull Cp8 Method for certifying the authenticity of a datum exchanged between two devices connected locally or remotely by a transmission line
US4910774A (en) * 1987-07-10 1990-03-20 Schlumberger Industries Method and system for suthenticating electronic memory cards
US4975836A (en) * 1984-12-19 1990-12-04 Hitachi, Ltd. Virtual computer system
US5007082A (en) * 1988-08-03 1991-04-09 Kelly Services, Inc. Computer software encryption apparatus
US5022077A (en) * 1989-08-25 1991-06-04 International Business Machines Corp. Apparatus and method for preventing unauthorized access to BIOS in a personal computer system
US5075842A (en) * 1989-12-22 1991-12-24 Intel Corporation Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism
US5079737A (en) * 1988-10-25 1992-01-07 United Technologies Corporation Memory management unit for the MIL-STD 1750 bus
US5187802A (en) * 1988-12-26 1993-02-16 Hitachi, Ltd. Virtual machine system with vitual machine resetting store indicating that virtual machine processed interrupt without virtual machine control program intervention
US5230069A (en) * 1990-10-02 1993-07-20 International Business Machines Corporation Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system
US5237616A (en) * 1992-09-21 1993-08-17 International Business Machines Corporation Secure computer system having privileged and unprivileged memories
US5255379A (en) * 1990-12-28 1993-10-19 Sun Microsystems, Inc. Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor
US5287363A (en) * 1991-07-01 1994-02-15 Disk Technician Corporation System for locating and anticipating data storage media failures
US5293424A (en) * 1992-10-14 1994-03-08 Bull Hn Information Systems Inc. Secure memory card
US5295251A (en) * 1989-09-21 1994-03-15 Hitachi, Ltd. Method of accessing multiple virtual address spaces and computer system
US5317705A (en) * 1990-10-24 1994-05-31 International Business Machines Corporation Apparatus and method for TLB purge reduction in a multi-level machine system
US5319760A (en) * 1991-06-28 1994-06-07 Digital Equipment Corporation Translation buffer for virtual machines with address space match
US5361375A (en) * 1989-02-09 1994-11-01 Fujitsu Limited Virtual computer system having input/output interrupt control of virtual machines
US5386552A (en) * 1991-10-21 1995-01-31 Intel Corporation Preservation of a computer system processing state in a mass storage device
US5421006A (en) * 1992-05-07 1995-05-30 Compaq Computer Corp. Method and apparatus for assessing integrity of computer system software
US5434999A (en) * 1988-11-09 1995-07-18 Bull Cp8 Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal
US5437033A (en) * 1990-11-16 1995-07-25 Hitachi, Ltd. System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode
US5442645A (en) * 1989-06-06 1995-08-15 Bull Cp8 Method for checking the integrity of a program or data, and apparatus for implementing this method
US5455909A (en) * 1991-07-05 1995-10-03 Chips And Technologies Inc. Microprocessor with operation capture facility
US5459869A (en) * 1994-02-17 1995-10-17 Spilo; Michael L. Method for providing protected mode services for device drivers and other resident software
US5459867A (en) * 1989-10-20 1995-10-17 Iomega Corporation Kernels, description tables, and device drivers
US5469557A (en) * 1993-03-05 1995-11-21 Microchip Technology Incorporated Code protection in microcontroller with EEPROM fuses
US5473692A (en) * 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US5479509A (en) * 1993-04-06 1995-12-26 Bull Cp8 Method for signature of an information processing file, and apparatus for implementing it
US5504922A (en) * 1989-06-30 1996-04-02 Hitachi, Ltd. Virtual machine with hardware display controllers for base and target machines
US5506975A (en) * 1992-12-18 1996-04-09 Hitachi, Ltd. Virtual machine I/O interrupt control method compares number of pending I/O interrupt conditions for non-running virtual machines with predetermined number
US5511217A (en) * 1992-11-30 1996-04-23 Hitachi, Ltd. Computer system of virtual machines sharing a vector processor
US5522075A (en) * 1991-06-28 1996-05-28 Digital Equipment Corporation Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces
US5528231A (en) * 1993-06-08 1996-06-18 Bull Cp8 Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process
US5533126A (en) * 1993-04-22 1996-07-02 Bull Cp8 Key protection device for smart cards
US5555385A (en) * 1993-10-27 1996-09-10 International Business Machines Corporation Allocation of address spaces within virtual machine compute system
US5555414A (en) * 1994-12-14 1996-09-10 International Business Machines Corporation Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals
US5560013A (en) * 1994-12-06 1996-09-24 International Business Machines Corporation Method of using a target processor to execute programs of a source architecture that uses multiple address spaces
US5564040A (en) * 1994-11-08 1996-10-08 International Business Machines Corporation Method and apparatus for providing a server function in a logically partitioned hardware machine
US5566323A (en) * 1988-12-20 1996-10-15 Bull Cp8 Data processing system including programming voltage inhibitor for an electrically erasable reprogrammable nonvolatile memory
US5574936A (en) * 1992-01-02 1996-11-12 Amdahl Corporation Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB) in a computer system
US5582717A (en) * 1990-09-12 1996-12-10 Di Santo; Dennis E. Water dispenser with side by side filling-stations
US5604805A (en) * 1994-02-28 1997-02-18 Brands; Stefanus A. Privacy-protected transfer of electronic information
US5606617A (en) * 1994-10-14 1997-02-25 Brands; Stefanus A. Secret-key certificates
US5615263A (en) * 1995-01-06 1997-03-25 Vlsi Technology, Inc. Dual purpose security architecture with protected internal operating system
US5628022A (en) * 1993-06-04 1997-05-06 Hitachi, Ltd. Microcomputer with programmable ROM
US5633929A (en) * 1995-09-15 1997-05-27 Rsa Data Security, Inc Cryptographic key escrow system having reduced vulnerability to harvesting attacks
US5657445A (en) * 1996-01-26 1997-08-12 Dell Usa, L.P. Apparatus and method for limiting access to mass storage devices in a computer system
US5668971A (en) * 1992-12-01 1997-09-16 Compaq Computer Corporation Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data transfer
US5684948A (en) * 1995-09-01 1997-11-04 National Semiconductor Corporation Memory management circuit which provides simulated privilege levels
US5689638A (en) * 1994-12-13 1997-11-18 Microsoft Corporation Method for providing access to independent network resources by establishing connection using an application programming interface function call without prompting the user for authentication data
US5706469A (en) * 1994-09-12 1998-01-06 Mitsubishi Denki Kabushiki Kaisha Data processing system controlling bus access to an arbitrary sized memory area
US5717903A (en) * 1995-05-15 1998-02-10 Compaq Computer Corporation Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device
US5720609A (en) * 1991-01-09 1998-02-24 Pfefferle; William Charles Catalytic method
US5721222A (en) * 1992-04-16 1998-02-24 Zeneca Limited Heterocyclic ketones
US5729760A (en) * 1996-06-21 1998-03-17 Intel Corporation System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode
US5737760A (en) * 1995-10-06 1998-04-07 Motorola Inc. Microcontroller with security logic circuit which prevents reading of internal memory by external program
US5737604A (en) * 1989-11-03 1998-04-07 Compaq Computer Corporation Method and apparatus for independently resetting processors and cache controllers in multiple processor systems
US5740178A (en) * 1996-08-29 1998-04-14 Lucent Technologies Inc. Software for controlling a reliable backup memory
US5752046A (en) * 1993-01-14 1998-05-12 Apple Computer, Inc. Power management system for computer device interconnection bus
US5835594A (en) * 1996-02-09 1998-11-10 Intel Corporation Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage
US5926631A (en) * 1997-08-15 1999-07-20 International Business Machines Corporation Network computer emulator systems, methods and computer program products for personal computers
US6260120B1 (en) * 1998-06-29 2001-07-10 Emc Corporation Storage mapping and partitioning among multiple host processors in the presence of login state changes and host controller replacement
US6389511B1 (en) * 1997-12-31 2002-05-14 Emc Corporation On-line data verification and repair in redundant storage system
US6393420B1 (en) * 1999-06-03 2002-05-21 International Business Machines Corporation Securing Web server source documents and executables
US6397331B1 (en) * 1997-09-16 2002-05-28 Safenet, Inc. Method for expanding secure kernel program memory
US6401208B2 (en) * 1998-07-17 2002-06-04 Intel Corporation Method for BIOS authentication prior to BIOS execution
US20020120856A1 (en) * 2000-02-25 2002-08-29 Ernst Schmidt Signature process
US20030037237A1 (en) * 2001-04-09 2003-02-20 Jean-Paul Abgrall Systems and methods for computer device authentication
US20030056070A1 (en) * 2001-09-17 2003-03-20 Dayan Richard Alan Secure write blocking circuit and method for preventing unauthorized write access to nonvolatile memory
US6609199B1 (en) * 1998-10-26 2003-08-19 Microsoft Corporation Method and apparatus for authenticating an open system application to a portable IC device
US6651171B1 (en) * 1999-04-06 2003-11-18 Microsoft Corporation Secure execution of program code
US6704872B1 (en) * 1998-05-19 2004-03-09 International Business Machines Corporation Processor with a function to prevent illegal execution of a program, an instruction executed by a processor and a method of preventing illegal execution of a program
US6823451B1 (en) * 2001-05-10 2004-11-23 Advanced Micro Devices, Inc. Integrated circuit for security and manageability
US6851113B2 (en) * 2001-06-29 2005-02-01 International Business Machines Corporation Secure shell protocol access control
US6934852B2 (en) * 2000-12-11 2005-08-23 International Business Machines Corporation Security keys for enhanced downstream access security for electronic file systems and drives
US7099304B2 (en) * 2000-09-05 2006-08-29 Flexiworld Technologies, Inc. Apparatus, methods and systems for anonymous communication

Patent Citations (99)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3699532A (en) * 1970-04-21 1972-10-17 Singer Co Multiprogramming control for a data handling system
US3996449A (en) * 1975-08-25 1976-12-07 International Business Machines Corporation Operating system authenticator
US4162536A (en) * 1976-01-02 1979-07-24 Gould Inc., Modicon Div. Digital input/output system and method
US4037214A (en) * 1976-04-30 1977-07-19 International Business Machines Corporation Key register controlled accessing system
US4247905A (en) * 1977-08-26 1981-01-27 Sharp Kabushiki Kaisha Memory clear system
US4278837A (en) * 1977-10-31 1981-07-14 Best Robert M Crypto microprocessor for executing enciphered programs
US4276594A (en) * 1978-01-27 1981-06-30 Gould Inc. Modicon Division Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same
US4207609A (en) * 1978-05-08 1980-06-10 International Business Machines Corporation Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system
US4347565A (en) * 1978-12-01 1982-08-31 Fujitsu Limited Address control system for software simulation
US4307447A (en) * 1979-06-19 1981-12-22 Gould Inc. Programmable controller
US4307214A (en) * 1979-12-12 1981-12-22 Phillips Petroleum Company SC2 activation of supported chromium oxide catalysts
US4319323A (en) * 1980-04-04 1982-03-09 Digital Equipment Corporation Communications device for data processing system
US4419724A (en) * 1980-04-14 1983-12-06 Sperry Corporation Main bus interface package
US4366537A (en) * 1980-05-23 1982-12-28 International Business Machines Corp. Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys
US4403283A (en) * 1980-07-28 1983-09-06 Ncr Corporation Extended memory system and method
US4430709A (en) * 1980-09-13 1984-02-07 Robert Bosch Gmbh Apparatus for safeguarding data entered into a microprocessor
US4521852A (en) * 1982-06-30 1985-06-04 Texas Instruments Incorporated Data processing device formed on a single semiconductor substrate having secure memory
US4975836A (en) * 1984-12-19 1990-12-04 Hitachi, Ltd. Virtual computer system
US4802084A (en) * 1985-03-11 1989-01-31 Hitachi, Ltd. Address translator
US4759064A (en) * 1985-10-07 1988-07-19 Chaum David L Blind unanticipated signature systems
US4825052A (en) * 1985-12-31 1989-04-25 Bull Cp8 Method and apparatus for certifying services obtained using a portable carrier such as a memory card
US4907272A (en) * 1986-07-11 1990-03-06 Bull Cp8 Method for authenticating an external authorizing datum by a portable object, such as a memory card
US4907270A (en) * 1986-07-11 1990-03-06 Bull Cp8 Method for certifying the authenticity of a datum exchanged between two devices connected locally or remotely by a transmission line
US4795893A (en) * 1986-07-11 1989-01-03 Bull, Cp8 Security device prohibiting the function of an electronic data processing unit after a first cutoff of its electrical power
US4910774A (en) * 1987-07-10 1990-03-20 Schlumberger Industries Method and system for suthenticating electronic memory cards
US5007082A (en) * 1988-08-03 1991-04-09 Kelly Services, Inc. Computer software encryption apparatus
US5079737A (en) * 1988-10-25 1992-01-07 United Technologies Corporation Memory management unit for the MIL-STD 1750 bus
US5434999A (en) * 1988-11-09 1995-07-18 Bull Cp8 Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal
US5566323A (en) * 1988-12-20 1996-10-15 Bull Cp8 Data processing system including programming voltage inhibitor for an electrically erasable reprogrammable nonvolatile memory
US5187802A (en) * 1988-12-26 1993-02-16 Hitachi, Ltd. Virtual machine system with vitual machine resetting store indicating that virtual machine processed interrupt without virtual machine control program intervention
US5361375A (en) * 1989-02-09 1994-11-01 Fujitsu Limited Virtual computer system having input/output interrupt control of virtual machines
US5442645A (en) * 1989-06-06 1995-08-15 Bull Cp8 Method for checking the integrity of a program or data, and apparatus for implementing this method
US5504922A (en) * 1989-06-30 1996-04-02 Hitachi, Ltd. Virtual machine with hardware display controllers for base and target machines
US5022077A (en) * 1989-08-25 1991-06-04 International Business Machines Corp. Apparatus and method for preventing unauthorized access to BIOS in a personal computer system
US5295251A (en) * 1989-09-21 1994-03-15 Hitachi, Ltd. Method of accessing multiple virtual address spaces and computer system
US5459867A (en) * 1989-10-20 1995-10-17 Iomega Corporation Kernels, description tables, and device drivers
US5737604A (en) * 1989-11-03 1998-04-07 Compaq Computer Corporation Method and apparatus for independently resetting processors and cache controllers in multiple processor systems
US5075842A (en) * 1989-12-22 1991-12-24 Intel Corporation Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism
US5582717A (en) * 1990-09-12 1996-12-10 Di Santo; Dennis E. Water dispenser with side by side filling-stations
US5230069A (en) * 1990-10-02 1993-07-20 International Business Machines Corporation Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system
US5317705A (en) * 1990-10-24 1994-05-31 International Business Machines Corporation Apparatus and method for TLB purge reduction in a multi-level machine system
US5437033A (en) * 1990-11-16 1995-07-25 Hitachi, Ltd. System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode
US5255379A (en) * 1990-12-28 1993-10-19 Sun Microsystems, Inc. Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor
US5720609A (en) * 1991-01-09 1998-02-24 Pfefferle; William Charles Catalytic method
US5522075A (en) * 1991-06-28 1996-05-28 Digital Equipment Corporation Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces
US5319760A (en) * 1991-06-28 1994-06-07 Digital Equipment Corporation Translation buffer for virtual machines with address space match
US5287363A (en) * 1991-07-01 1994-02-15 Disk Technician Corporation System for locating and anticipating data storage media failures
US5455909A (en) * 1991-07-05 1995-10-03 Chips And Technologies Inc. Microprocessor with operation capture facility
US5386552A (en) * 1991-10-21 1995-01-31 Intel Corporation Preservation of a computer system processing state in a mass storage device
US5574936A (en) * 1992-01-02 1996-11-12 Amdahl Corporation Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB) in a computer system
US5721222A (en) * 1992-04-16 1998-02-24 Zeneca Limited Heterocyclic ketones
US5421006A (en) * 1992-05-07 1995-05-30 Compaq Computer Corp. Method and apparatus for assessing integrity of computer system software
US5237616A (en) * 1992-09-21 1993-08-17 International Business Machines Corporation Secure computer system having privileged and unprivileged memories
US5293424A (en) * 1992-10-14 1994-03-08 Bull Hn Information Systems Inc. Secure memory card
US5511217A (en) * 1992-11-30 1996-04-23 Hitachi, Ltd. Computer system of virtual machines sharing a vector processor
US5668971A (en) * 1992-12-01 1997-09-16 Compaq Computer Corporation Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data transfer
US5506975A (en) * 1992-12-18 1996-04-09 Hitachi, Ltd. Virtual machine I/O interrupt control method compares number of pending I/O interrupt conditions for non-running virtual machines with predetermined number
US5752046A (en) * 1993-01-14 1998-05-12 Apple Computer, Inc. Power management system for computer device interconnection bus
US5469557A (en) * 1993-03-05 1995-11-21 Microchip Technology Incorporated Code protection in microcontroller with EEPROM fuses
US5479509A (en) * 1993-04-06 1995-12-26 Bull Cp8 Method for signature of an information processing file, and apparatus for implementing it
US5533126A (en) * 1993-04-22 1996-07-02 Bull Cp8 Key protection device for smart cards
US5628022A (en) * 1993-06-04 1997-05-06 Hitachi, Ltd. Microcomputer with programmable ROM
US5528231A (en) * 1993-06-08 1996-06-18 Bull Cp8 Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process
US5555385A (en) * 1993-10-27 1996-09-10 International Business Machines Corporation Allocation of address spaces within virtual machine compute system
US5459869A (en) * 1994-02-17 1995-10-17 Spilo; Michael L. Method for providing protected mode services for device drivers and other resident software
US5604805A (en) * 1994-02-28 1997-02-18 Brands; Stefanus A. Privacy-protected transfer of electronic information
US5473692A (en) * 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US5568552A (en) * 1994-09-07 1996-10-22 Intel Corporation Method for providing a roving software license from one node to another node
US5706469A (en) * 1994-09-12 1998-01-06 Mitsubishi Denki Kabushiki Kaisha Data processing system controlling bus access to an arbitrary sized memory area
US5606617A (en) * 1994-10-14 1997-02-25 Brands; Stefanus A. Secret-key certificates
US5564040A (en) * 1994-11-08 1996-10-08 International Business Machines Corporation Method and apparatus for providing a server function in a logically partitioned hardware machine
US5560013A (en) * 1994-12-06 1996-09-24 International Business Machines Corporation Method of using a target processor to execute programs of a source architecture that uses multiple address spaces
US5689638A (en) * 1994-12-13 1997-11-18 Microsoft Corporation Method for providing access to independent network resources by establishing connection using an application programming interface function call without prompting the user for authentication data
US5555414A (en) * 1994-12-14 1996-09-10 International Business Machines Corporation Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals
US5615263A (en) * 1995-01-06 1997-03-25 Vlsi Technology, Inc. Dual purpose security architecture with protected internal operating system
US5717903A (en) * 1995-05-15 1998-02-10 Compaq Computer Corporation Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device
US5684948A (en) * 1995-09-01 1997-11-04 National Semiconductor Corporation Memory management circuit which provides simulated privilege levels
US5633929A (en) * 1995-09-15 1997-05-27 Rsa Data Security, Inc Cryptographic key escrow system having reduced vulnerability to harvesting attacks
US5737760A (en) * 1995-10-06 1998-04-07 Motorola Inc. Microcontroller with security logic circuit which prevents reading of internal memory by external program
US5657445A (en) * 1996-01-26 1997-08-12 Dell Usa, L.P. Apparatus and method for limiting access to mass storage devices in a computer system
US5835594A (en) * 1996-02-09 1998-11-10 Intel Corporation Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage
US5729760A (en) * 1996-06-21 1998-03-17 Intel Corporation System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode
US5740178A (en) * 1996-08-29 1998-04-14 Lucent Technologies Inc. Software for controlling a reliable backup memory
US5926631A (en) * 1997-08-15 1999-07-20 International Business Machines Corporation Network computer emulator systems, methods and computer program products for personal computers
US6397331B1 (en) * 1997-09-16 2002-05-28 Safenet, Inc. Method for expanding secure kernel program memory
US6389511B1 (en) * 1997-12-31 2002-05-14 Emc Corporation On-line data verification and repair in redundant storage system
US6704872B1 (en) * 1998-05-19 2004-03-09 International Business Machines Corporation Processor with a function to prevent illegal execution of a program, an instruction executed by a processor and a method of preventing illegal execution of a program
US6260120B1 (en) * 1998-06-29 2001-07-10 Emc Corporation Storage mapping and partitioning among multiple host processors in the presence of login state changes and host controller replacement
US6401208B2 (en) * 1998-07-17 2002-06-04 Intel Corporation Method for BIOS authentication prior to BIOS execution
US6609199B1 (en) * 1998-10-26 2003-08-19 Microsoft Corporation Method and apparatus for authenticating an open system application to a portable IC device
US6651171B1 (en) * 1999-04-06 2003-11-18 Microsoft Corporation Secure execution of program code
US6393420B1 (en) * 1999-06-03 2002-05-21 International Business Machines Corporation Securing Web server source documents and executables
US20020120856A1 (en) * 2000-02-25 2002-08-29 Ernst Schmidt Signature process
US7099304B2 (en) * 2000-09-05 2006-08-29 Flexiworld Technologies, Inc. Apparatus, methods and systems for anonymous communication
US6934852B2 (en) * 2000-12-11 2005-08-23 International Business Machines Corporation Security keys for enhanced downstream access security for electronic file systems and drives
US20030037237A1 (en) * 2001-04-09 2003-02-20 Jean-Paul Abgrall Systems and methods for computer device authentication
US6823451B1 (en) * 2001-05-10 2004-11-23 Advanced Micro Devices, Inc. Integrated circuit for security and manageability
US6851113B2 (en) * 2001-06-29 2005-02-01 International Business Machines Corporation Secure shell protocol access control
US20030056070A1 (en) * 2001-09-17 2003-03-20 Dayan Richard Alan Secure write blocking circuit and method for preventing unauthorized write access to nonvolatile memory

Cited By (104)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6976162B1 (en) 2000-06-28 2005-12-13 Intel Corporation Platform and method for establishing provable identities while maintaining privacy
US7818808B1 (en) 2000-12-27 2010-10-19 Intel Corporation Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor
US7921293B2 (en) 2001-11-01 2011-04-05 Intel Corporation Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment
US8407476B2 (en) 2002-02-25 2013-03-26 Intel Corporation Method and apparatus for loading a trustable operating system
US20030163723A1 (en) * 2002-02-25 2003-08-28 Kozuch Michael A. Method and apparatus for loading a trustable operating system
US8386788B2 (en) 2002-02-25 2013-02-26 Intel Corporation Method and apparatus for loading a trustable operating system
US20030188173A1 (en) * 2002-03-26 2003-10-02 Zimmer Vincent J. Hardened extended firmware interface framework
US7127579B2 (en) * 2002-03-26 2006-10-24 Intel Corporation Hardened extended firmware interface framework
US8645688B2 (en) 2002-03-29 2014-02-04 Intel Corporation System and method for execution of a secured environment initialization instruction
US10175994B2 (en) 2002-03-29 2019-01-08 Intel Corporation System and method for execution of a secured environment initialization instruction
US9990208B2 (en) 2002-03-29 2018-06-05 Intel Corporation System and method for execution of a secured environment initialization instruction
US7028149B2 (en) * 2002-03-29 2006-04-11 Intel Corporation System and method for resetting a platform configuration register
US10042649B2 (en) 2002-03-29 2018-08-07 Intel Corporation System and method for execution of a secured environment initialization instruction
US9361121B2 (en) 2002-03-29 2016-06-07 Intel Corporation System and method for execution of a secured environment initialization instruction
US8185734B2 (en) 2002-03-29 2012-05-22 Intel Corporation System and method for execution of a secured environment initialization instruction
US10031759B2 (en) 2002-03-29 2018-07-24 Intel Corporation System and method for execution of a secured environment initialization instruction
US20030188113A1 (en) * 2002-03-29 2003-10-02 Grawrock David W. System and method for resetting a platform configuration register
US20030217250A1 (en) * 2002-04-16 2003-11-20 Steve Bennett Control register access virtualization performance improvement in the virtual-machine architecture
US20070086588A1 (en) * 2002-04-17 2007-04-19 Microsoft Corporation Saving and Retrieving Data Based on Symmetric Key Encryption
US7752456B2 (en) * 2002-04-17 2010-07-06 Microsoft Corporation Saving and retrieving data based on symmetric key encryption
US20030204693A1 (en) * 2002-04-30 2003-10-30 Moran Douglas R. Methods and arrangements to interface memory
US20040003324A1 (en) * 2002-06-29 2004-01-01 Richard Uhlig Handling faults associated with operation of guest software in the virtual-machine architecture
US20040003323A1 (en) * 2002-06-29 2004-01-01 Steve Bennett Control over faults occurring during the operation of guest software in the virtual-machine architecture
US20040103281A1 (en) * 2002-11-27 2004-05-27 Brickell Ernie F. System and method for establishing trust without revealing identity
US20040117532A1 (en) * 2002-12-11 2004-06-17 Bennett Steven M. Mechanism for controlling external interrupts in a virtual machine system
US20040117593A1 (en) * 2002-12-12 2004-06-17 Richard Uhlig Reclaiming existing fields in address translation data structures to extend control over memory acceses
US20040117625A1 (en) * 2002-12-16 2004-06-17 Grawrock David W. Attestation using both fixed token and portable token
US8195914B2 (en) 2002-12-27 2012-06-05 Intel Corporation Mechanism for remapping post virtual machine memory pages
US7900017B2 (en) 2002-12-27 2011-03-01 Intel Corporation Mechanism for remapping post virtual machine memory pages
US9971615B2 (en) 2003-09-15 2018-05-15 Intel Corporation Optimizing processor-managed resources based on the behavior of a virtual machine monitor
US8079034B2 (en) 2003-09-15 2011-12-13 Intel Corporation Optimizing processor-managed resources based on the behavior of a virtual machine monitor
US20050071840A1 (en) * 2003-09-15 2005-03-31 Gilbert Neiger Use of multiple virtual machine monitors to handle privileged events
US20050060702A1 (en) * 2003-09-15 2005-03-17 Bennett Steven M. Optimizing processor-managed resources based on the behavior of a virtual machine monitor
EP2634959A3 (en) * 2003-09-18 2013-10-09 Apple Inc. Method and Apparatus for Incremental Code Signing
US7739521B2 (en) 2003-09-18 2010-06-15 Intel Corporation Method of obscuring cryptographic computations
US8880897B2 (en) 2003-09-18 2014-11-04 Apple Inc. Method and apparatus for incremental code signing
US7681046B1 (en) 2003-09-26 2010-03-16 Andrew Morgan System with secure cryptographic capabilities using a hardware specific digital secret
US20050080965A1 (en) * 2003-09-30 2005-04-14 Bennett Steven M. Mechanism to control hardware interrupt acknowledgement in a virtual machine system
US7694151B1 (en) 2003-11-20 2010-04-06 Johnson Richard C Architecture, system, and method for operating on encrypted and/or hidden information
US20100017625A1 (en) * 2003-11-20 2010-01-21 Johnson Richard C Architecure, system, and method for operating on encrypted and/or hidden information
US8335930B2 (en) 2003-11-20 2012-12-18 Johnson Richard C Architecture, system, and method for operating on encrypted and/or hidden information
US9087000B2 (en) 2003-11-26 2015-07-21 Intel Corporation Accessing private data about the state of a data processing machine from storage that is publicly accessible
US9348767B2 (en) 2003-11-26 2016-05-24 Intel Corporation Accessing private data about the state of a data processing machine from storage that is publicly accessible
US8156343B2 (en) 2003-11-26 2012-04-10 Intel Corporation Accessing private data about the state of a data processing machine from storage that is publicly accessible
US20050114610A1 (en) * 2003-11-26 2005-05-26 Robinson Scott H. Accessing private data about the state of a data processing machine from storage that is publicly accessible
US8037314B2 (en) 2003-12-22 2011-10-11 Intel Corporation Replacing blinded authentication authority
US20050133582A1 (en) * 2003-12-22 2005-06-23 Bajikar Sundeep M. Method and apparatus for providing a trusted time stamp in an open platform
US9009483B2 (en) 2003-12-22 2015-04-14 Intel Corporation Replacing blinded authentication authority
US7802085B2 (en) 2004-02-18 2010-09-21 Intel Corporation Apparatus and method for distributing private keys to an entity with minimal secret, unique information
US20050180572A1 (en) * 2004-02-18 2005-08-18 Graunke Gary L. Apparatus and method for distributing private keys to an entity with minimal secret, unique information
US8639915B2 (en) 2004-02-18 2014-01-28 Intel Corporation Apparatus and method for distributing private keys to an entity with minimal secret, unique information
US7861245B2 (en) 2004-03-31 2010-12-28 Intel Corporation Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment
US20060020785A1 (en) * 2004-06-30 2006-01-26 Grawrock David W Secure distribution of a video card public key
US7370189B2 (en) 2004-09-30 2008-05-06 Intel Corporation Method and apparatus for establishing safe processor operating points in connection with a secure boot
US20080215875A1 (en) * 2004-09-30 2008-09-04 Stephen Anthony Fischer Method and apparatus for establishing safe processor operating points
US20060069903A1 (en) * 2004-09-30 2006-03-30 Fischer Stephen A Method and apparatus for establishing safe processor operating points
US8850178B2 (en) 2004-09-30 2014-09-30 Intel Corporation Method and apparatus for establishing safe processor operating points
US8131989B2 (en) 2004-09-30 2012-03-06 Intel Corporation Method and apparatus for establishing safe processor operating points
US8892861B2 (en) 2004-09-30 2014-11-18 Intel Corporation Method and apparatus for establishing safe processor operating points
US7840962B2 (en) 2004-09-30 2010-11-23 Intel Corporation System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time
US8146078B2 (en) 2004-10-29 2012-03-27 Intel Corporation Timer offsetting mechanism in a virtual machine environment
US8924728B2 (en) 2004-11-30 2014-12-30 Intel Corporation Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information
US8533777B2 (en) 2004-12-29 2013-09-10 Intel Corporation Mechanism to determine trust of out-of-band management agents
US7836275B2 (en) 2005-01-28 2010-11-16 Intel Corporation Method and apparatus for supporting address translation in a virtual machine environment
US20060224878A1 (en) * 2005-03-31 2006-10-05 Intel Corporation System and method for trusted early boot flow
US7752428B2 (en) 2005-03-31 2010-07-06 Intel Corporation System and method for trusted early boot flow
US20070006306A1 (en) * 2005-06-30 2007-01-04 Jean-Pierre Seifert Tamper-aware virtual TPM
US20100037315A1 (en) * 2005-06-30 2010-02-11 Jean-Pierre Seifert Tamper-aware virtual tpm
US7603707B2 (en) * 2005-06-30 2009-10-13 Intel Corporation Tamper-aware virtual TPM
US8453236B2 (en) * 2005-06-30 2013-05-28 Intel Corporation Tamper-aware virtual TPM
US20080133883A1 (en) * 2005-08-29 2008-06-05 Centaurus Data Llc Hierarchical store buffer
US20070083739A1 (en) * 2005-08-29 2007-04-12 Glew Andrew F Processor with branch predictor
US7644258B2 (en) 2005-08-29 2010-01-05 Searete, Llc Hybrid branch predictor using component predictors each having confidence and override signals
US8028152B2 (en) 2005-08-29 2011-09-27 The Invention Science Fund I, Llc Hierarchical multi-threading processor for executing virtual threads in a time-multiplexed fashion
US8296550B2 (en) 2005-08-29 2012-10-23 The Invention Science Fund I, Llc Hierarchical register file with operand capture ports
US8275976B2 (en) 2005-08-29 2012-09-25 The Invention Science Fund I, Llc Hierarchical instruction scheduler facilitating instruction replay
US8266412B2 (en) 2005-08-29 2012-09-11 The Invention Science Fund I, Llc Hierarchical store buffer having segmented partitions
US20080133893A1 (en) * 2005-08-29 2008-06-05 Centaurus Data Llc Hierarchical register file
US8037288B2 (en) 2005-08-29 2011-10-11 The Invention Science Fund I, Llc Hybrid branch predictor having negative ovedrride signals
US20080133885A1 (en) * 2005-08-29 2008-06-05 Centaurus Data Llc Hierarchical multi-threading processor
US9176741B2 (en) 2005-08-29 2015-11-03 Invention Science Fund I, Llc Method and apparatus for segmented sequential storage
US20080133889A1 (en) * 2005-08-29 2008-06-05 Centaurus Data Llc Hierarchical instruction scheduler
US7809957B2 (en) 2005-09-29 2010-10-05 Intel Corporation Trusted platform module for generating sealed data
US20100132053A1 (en) * 2005-10-04 2010-05-27 Nec Corporation Information processing device, information processing method and program
US8014530B2 (en) 2006-03-22 2011-09-06 Intel Corporation Method and apparatus for authenticated, recoverable key distribution with no database secrets
US7984483B2 (en) 2007-04-25 2011-07-19 Acxess, Inc. System and method for working in a virtualized computing environment through secure access
US20110167496A1 (en) * 2009-07-07 2011-07-07 Kuity Corp. Enhanced hardware command filter matrix integrated circuit
US20150242617A1 (en) * 2012-01-25 2015-08-27 Sony Corporation Information processing device, information processing method, and computer program
US9372985B2 (en) * 2012-01-25 2016-06-21 Sony Corporation Information processing device, information processing method, and computer program
US9922181B2 (en) 2012-07-06 2018-03-20 International Business Machines Corporation Security model for network information service
US10162952B2 (en) 2012-07-06 2018-12-25 International Business Machines Corporation Security model for network information service
US9710626B2 (en) 2012-07-06 2017-07-18 International Business Machines Corporation Security model for network information service
US9692858B2 (en) 2012-07-17 2017-06-27 International Business Machines Corporation Security model for a memory of a network information system
US11188653B1 (en) * 2015-08-26 2021-11-30 Christopher Luis Hamlin Verifying the integrity of a computing platform
US10482251B1 (en) * 2015-08-26 2019-11-19 Christopher Luis Hamlin Using integrity reports to detect network instrusion
KR20170114582A (en) * 2016-04-05 2017-10-16 삼성전자주식회사 Image processing apparatus and control method thereof
US10382207B2 (en) * 2016-04-05 2019-08-13 Samsung Electronics Co., Ltd. Image processing apparatus and control method thereof
KR102550672B1 (en) * 2016-04-05 2023-07-04 삼성전자주식회사 Image processing apparatus and control method thereof
US20180181727A1 (en) * 2016-12-22 2018-06-28 Samsung Electronics Co., Ltd. Electronic device, method for controlling thereof and computer-readable recording medium
WO2019161176A1 (en) * 2018-02-15 2019-08-22 Verifone, Inc. System and methods for authentication code entry
US11042628B2 (en) 2018-02-15 2021-06-22 Verifone, Inc. Systems and methods for authentication code entry using mobile electronic devices
US11604870B2 (en) 2018-02-15 2023-03-14 Verifone, Inc. Systems and methods for authentication code entry using mobile electronic devices
US20220284093A1 (en) * 2021-03-08 2022-09-08 Unisys Corportion System and method for responsive process security classification and optimization
US11593079B2 (en) * 2021-03-08 2023-02-28 Unisys Corporation System and method for responsive process security classification and optimization

Similar Documents

Publication Publication Date Title
US7308576B2 (en) Authenticated code module
US20030126453A1 (en) Processor supporting execution of an authenticated code instruction
US20030126454A1 (en) Authenticated code method and apparatus
US9989043B2 (en) System and method for processor-based security
JP5249399B2 (en) Method and apparatus for secure execution using secure memory partition
US9846787B2 (en) System and method for implementing a trusted dynamic launch and trusted platform module (TPM) using secure enclaves
Seshadri et al. Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
KR101237527B1 (en) A computer system comprising a secure boot mechanism
CN102841994B (en) For performing the system and method for secured environment initialization instruction
US7028149B2 (en) System and method for resetting a platform configuration register
JP4822646B2 (en) Generating a key hierarchy for use in an isolated execution environment
US6941458B1 (en) Managing a secure platform using a hierarchical executive architecture in isolated execution mode
US7194634B2 (en) Attestation key memory device and bus
US20080046762A1 (en) Protecting system control registers in a data processing apparatus
KR20120099472A (en) Method and apparatus to provide secure application execution
GB2448379A (en) Dynamic trust management in computing platforms
KR20090005219A (en) Execution of a secured environment initialization instruction on a point-to-point interconnect system
US7013484B1 (en) Managing a secure environment using a chipset in isolated execution mode
US7013481B1 (en) Attestation key memory device and bus
US6754815B1 (en) Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set
US6769058B1 (en) Resetting a processor in an isolated execution environment
Champagne Scalable security architecture for trusted software
You et al. KVSEV: A Secure In-Memory Key-Value Store with Secure Encrypted Virtualization
Elwell Securing systems with non-inclusive memory permissions
vor starken Angreifern et al. Trusted Systems in Untrusted Environments: Protecting against Strong Attackers

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTEL CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GLEW, ANDREW F.;SUTTON, JAMES A.;SMITH, LAWRENCE O.;AND OTHERS;REEL/FRAME:012933/0056;SIGNING DATES FROM 20020405 TO 20020502

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION